Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Alex Bilbie:
A Guide To OAuth 2.0 Grants
Aug 02, 2016 @ 10:12:33

While the actual post is older, Alex Bilbie, lead developer on The PHP League's OAuth2 PHP Server package, has made some updates to his overview of OAuth 2 grants - what they mean and how they can be used in your OAuth-enabled application's flow.

The OAuth 2.0 specification is a flexibile authorization framework that describes a number of grants (“methods”) for a client application to acquire an access token (which represents a user’s permission for the client to access their data) which can be used to authenticate a request to an API endpoint.

The specification describes five grants for acquiring an access token: authorization code grant, implicit grant, resource owner credentials grant, client credentials grant and Refresh token grant. In this post I’m going to describe each of the above grants and their appropriate use cases.

He then walks through each of these grant types, providing a brief summary of what they're for and the data they must include as well as links to more information. The post wraps up with a flowchart that helps you decide which of the grant types to use in your system and a few other questions to answer to find the right fit.

tagged: oauth2 grants

Link: http://alexbilbie.com/guide-to-oauth-2-grants/