Application Grant Types
Application grant types (or flows) are methods through which applications can gain Access Tokens and by which you grant limited access to your resources to another entity without exposing credentials. The OAuth 2.0 protocol supports several types of grants, which allow different types of access.
Based on the needs of your application, some grant types are more appropriate than others. Auth0 provides many different authentication and authorization flows and allows you to indicate which grant types are appropriate based on the
grant_types property of your Auth0-registered Application.
For example, let's say you are securing a mobile app. In this case, you'd use the Authorization Code using Proof Key for Code Exchange (PKCE) Grant.
Alternatively, if you were securing a client-side app (such as a single-page app), you'd use the Implicit Grant.
- To learn which grant types are available in Auth0, see Available Grant Types.
- To learn which grant types are available based to different application types, see Auth0 Grant Types Mapping
- Learn how to update an application's grant types using the Auth0 Dashboard or the Management API.
- For info on working with legacy grant types and their alternatives, see Legacy Grant Types