
Showing posts from June, 2015

JWT Bearer Grant - OAuth2

Previously I wrote a post on my first step towards understanding OAuth. This post builds on that.

OAuth has different types of flows targeting various scenarios or use cases. The main feature that differentiates these flows is the grant type. What exactly is an OAuth grant type? An OAuth grant is something that a client application can exchange for an access token from an Authorization Server. An access token typically represents a user's permission for the client application to access resources on their behalf.

OAuth Grant Types

The OAuth 2.0 core specification defines four types of grants:

- Authorization code grant
- Implicit grant
- Resource owner credentials grant
- Client credentials grant

In addition to these, the core specification also defines a refresh grant type. There are a few newer additions as well:

- Message authentication code (MAC) tokens
- SAML 2.0 Bearer Assertion Profiles
- JSON Web Token grant

I would like to focus on
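Because the excerpt breaks off before the JWT bearer grant itself, here is an added example (not code from the original post) of the exchange the post is about: the client mints a JWT assertion and posts it with the RFC 7523 grant type urn:ietf:params:oauth:grant-type:jwt-bearer, and the authorization server validates the signature and claims before it will trade that grant for an access token. The HS256 shared secret, client id, subject and token endpoint URL are constructed placeholders, and only the standard library is used.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example, not from the original post.
SHARED_SECRET = b"example-client-secret"
TOKEN_ENDPOINT = "https://as.example.com/token"
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def build_assertion(client_id, subject, secret=SHARED_SECRET, now=None):
    """Client side: mint a short-lived HS256 JWT that stands in as the grant."""
    now = int(time.time()) if now is None else now
    claims = {"iss": client_id, "sub": subject, "aud": TOKEN_ENDPOINT,
              "iat": now, "exp": now + 300}
    signing_input = ".".join(_b64url(json.dumps(p, separators=(",", ":")).encode())
                             for p in ({"alg": "HS256"}, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def token_request(assertion):
    """Form parameters the client posts to the token endpoint (RFC 7523, 2.1)."""
    return {"grant_type": JWT_BEARER_GRANT, "assertion": assertion}


def validate_assertion(request, secret=SHARED_SECRET, now=None):
    """AS side: check grant type, signature and claims before issuing a token."""
    if request.get("grant_type") != JWT_BEARER_GRANT:
        return None
    parts = request.get("assertion", "").split(".")
    if len(parts) != 3:
        return None
    h, c, s = parts
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":  # reject alg=none etc.
        return None
    expected = hmac.new(secret, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    claims = json.loads(_b64url_decode(c))
    now = int(time.time()) if now is None else now
    if claims.get("aud") != TOKEN_ENDPOINT or claims.get("exp", 0) <= now:
        return None
    return claims if claims.get("iss") and claims.get("sub") else None
```

A real server would also bind `iss` to a registered client, verify the key is the one registered for that client, and reject reused `jti` values.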