The tokens (access, refresh, and ID) are the key to use OAuth 2.0 and OpenID Connect.
The OAuth protocol provides different ways to obtain these tokens. You can use the appropriate authorization grant type based on the business requirements. For more information about security requirements, see OAuth 2.0 Security Best Current Practice.
Authorization Grant |
Type of Application |
---|---|
Server-side Applications |
|
|
|
|
|
|
|
|
|
Applications that already have the SAML assertions and require to access the OAuth-protected resources. |