OAuth 2.0 Flows

June 2021

Authorization Code Flow for Server-Based Web Application

In the case of a single-page web application, the client_secret is not sent. However, the application (the client) cannot impersonate another client by changing the client_id, because the redirect_uri is verified in step 5. In step 8 the user will always be redirected to the URI registered against the client_id.
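
The redirect_uri check described above, as an added example that is not part of the original article: a hypothetical authorization server with a constructed client registry. The names `REGISTERED_CLIENTS`, `authorize` and `redeem` and the example URIs are assumptions; the example goes one step beyond the text by also binding the issued code to the client_id and redirect_uri when it is redeemed.

```python
import secrets
from urllib.parse import urlencode

# Constructed registry: client_id -> exact redirect URIs registered for it.
REGISTERED_CLIENTS = {
    "spa-client": {"https://spa.example.com/callback"},
    "other-client": {"https://other.example.net/cb"},
}

_issued_codes = {}  # code -> (client_id, redirect_uri) it was issued for


class OAuthError(Exception):
    """Request rejected; the user agent is NOT redirected anywhere."""


def authorize(client_id, redirect_uri, state):
    """Authorization endpoint: return the URL the user agent is sent back to."""
    registered = REGISTERED_CLIENTS.get(client_id)
    if registered is None:
        raise OAuthError("unknown client_id")
    # Exact string comparison: no prefix, substring or wildcard matching.
    if redirect_uri not in registered:
        raise OAuthError("redirect_uri is not registered for this client_id")
    code = secrets.token_urlsafe(16)
    _issued_codes[code] = (client_id, redirect_uri)
    return redirect_uri + "?" + urlencode({"code": code, "state": state})


def redeem(code, client_id, redirect_uri):
    """Token endpoint for a public client (no client_secret is sent)."""
    # pop() makes the code single-use; the tuple check binds it to the
    # client_id and redirect_uri used in the authorization request.
    bound = _issued_codes.pop(code, None)
    if bound != (client_id, redirect_uri):
        raise OAuthError("invalid_grant")
    return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


if __name__ == "__main__":
    print(authorize("spa-client", "https://spa.example.com/callback", "xyz"))
    try:
        # A client claiming another client_id cannot receive the code at
        # its own URI, because that URI is not registered for that client_id.
        authorize("other-client", "https://spa.example.com/callback", "xyz")
    except OAuthError as err:
        print("rejected:", err)
```
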

Device Flow

This flow is used by devices such as speakers that do not have an interface to allow user login.

