Rob L
Reputation: 3304
In OAuth 2.0, what is the difference between a grant and a flow?
I have been reading through the OAuth 2.0 spec and I can't figure out the difference between a grant and a flow. The documentation seems to use the terms interchangeably. Grants are defined here.
For example, consider the following snippet taken directly from the spec:
The implicit grant is a simplified authorization code flow optimized for clients...
Why didn't they say
implicit flow is a simplified authorization code flow optimized for clients...
? Can someone please explain what the difference is between a grant and a flow?
Upvotes: 11
Views: 1299
Answers (1)
Spomky-Labs
Reputation: 16775
The flow is more generic and refers to the whole protocol that allows the access token issuance.
The authorization grant refers only to the credentials used during the flow (authorization code, client credentials...).
Upvotes: 9
Related Questions
- OpenId connect and OAuth 2.0 password grant - what is the difference?
- Open ID Connect Flow and OAuth Grant
- Difference between the "Resource Owner Password Flow" and the "Client Credentials Flow"
- Difference between the “Resource Owner Password Flow” and the “Implicit grant”
- Understanding OAuth2 flow
- OAuth 2.0 auth code grant flow vs client credential grant flow
- Oauth2 Flow , difference between Authorise and Authorisation Grant
- Which OAuth2 flow/grant type I should use?
- Trying to understand the OAuth2 flow
- OAuth 2 - What is the difference between 'Username and Password Flow' vs 'Client Credential Flow'