Application Grant Types

Application grant types (or flows) are methods through which applications can gain Access Tokens and by which you grant limited access to your resources to another entity without exposing credentials. The OAuth 2.0 protocol supports several types of grants, which allow different types of access.

Based on the needs of your application, some grant types are more appropriate than others. Auth0 provides many different authentication and authorization flows and allows you to indicate which grant types are appropriate based on the grant_types property of your Auth0-registered Application.

For example, let's say you are securing a mobile app. In this case, you'd use the Authorization Code using Proof Key for Code Exchange (PKCE) Grant.

Alternatively, if you were securing a client-side app (such as a single-page app), you'd use the Implicit Grant.

Not sure which grant type is appropriate for your use case? Refer to Which OAuth 2.0 flow should I use? for help.

Keep Reading