Extensions to the OAuth 2.0 framework
Throughout the book, we discussed how to integrate with OAuth 2.0-compliant service providers via either the implicit grant flow or the authorization code grant flow. We invoked these flows to request, and subsequently use, access tokens. These flows represent the majority of flows that application developers will encounter. However, they give only a narrow view of the broader range of capabilities the framework allows. Many extensions can be added to the OAuth 2.0 Authorization Framework to support additional use cases. Let's take a look at some.
Custom grant types
When your client application interacts with a service provider, such as Facebook, it does so via a particular, predefined grant type. In the book, we discussed the two most commonly used grant types:
- Authorization code grant
- Implicit grant
However, there are two additional grant types that are supported:
- Resource owner password credentials grant
- Client...