OAuth 2 and OpenID Connect define the authorization grant types by which a client application obtains an authorization grant in the form of an access token. PingOne supports the following grant types:
This grant type is used by web applications. The authorization request generates an authorization code that is exchanged for an access token. For more information, see Authorization request with a code grant.
This grant type is intended for use by native applications or client-side web applications with no server-side component. The implicit grant type is for applications that cannot guarantee the confidentiality of the client secret.
In this flow, the client makes a request to the server’s authorization endpoint. If the request contains the id_token response type and the openid scope, then it is considered an authentication (OpenID Connect) request, and an ID token is issued. For more information, see Native and single-page applications.
This grant type is made directly to the token endpoint and is used to request an access token for either:
The client uses HTTP basic authentication with its client ID and client secret to authenticate itself to the token endpoint and must specify a Content-Type of application/x-www-form-urlencoded. For more information, see Obtain an access token.
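The token request described above, built but not sent, as an added example that is not part of the original documentation. The endpoint URL, function names and sample credentials are placeholders constructed for illustration; encoding the client ID and secret before the Base64 step follows RFC 6749 section 2.3.1.

```python
import base64
from urllib.parse import quote_plus, urlencode, urlsplit
from urllib.request import Request

# Placeholder endpoint (assumption): substitute your environment's token endpoint.
TOKEN_ENDPOINT = "https://auth.example.com/ENV_ID/as/token"


def basic_auth_header(client_id, client_secret):
    """Build the HTTP Basic value for client authentication."""
    # RFC 6749 section 2.3.1: form-encode each part first, so a ':' or
    # non-ASCII character in the secret cannot corrupt the "id:secret" pair.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_client_credentials_request(client_id, client_secret, scope=None,
                                     endpoint=TOKEN_ENDPOINT):
    """Return an unsent POST request for the client credentials grant."""
    # Basic authentication is only Base64, not encryption: refuse any
    # endpoint that would expose the client secret over plain HTTP.
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("token endpoint must use https")
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    return Request(
        endpoint,
        data=urlencode(form).encode("ascii"),  # form-encoded request body
        method="POST",
        headers={
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


if __name__ == "__main__":
    # Constructed sample credentials, not real values.
    req = build_client_credentials_request("my client", "s3cr:et/+",
                                           scope="example:read")
    print(req.get_method(), req.full_url)
    print(req.data.decode("ascii"))
```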
This grant type is used by applications to exchange the refresh token for a new access token. It gives applications the ability to acquire a valid access token without additional interaction. For more information, see Obtain an access token.
This grant type is used by applications to return an activation code in the response to the POST /{{envID}}/as/device_authorization request. It gives OAuth enabled devices such as smart TVs the ability to complete user authorization and access protected resources. For more information, see Device Authorization Grant.