Obtains tokens through a secure back-channel exchange and supports client authentication and PKCE.
Used for machine-to-machine scenarios where tokens are issued to the client itself rather than an end user.
Supports devices with limited input capabilities (TVs, consoles, CLI tools) by allowing users to authenticate on a separate device while the client polls for approval.
Combines elements of the implicit and authorization code flows, allowing the client to receive both tokens and an authorization code.
A legacy flow for browser-based applications in which tokens are returned directly from the authorization endpoint.
A legacy flow that issues tokens using a user’s credentials sent directly to the token endpoint.
The OAuth2 / OIDC grant type.