Docs

Available Grant Types

Various grant types are valid when registering Auth0 Applications. These can be divided into the following categories:

  • Spec-conforming grants: Grants defined by and conforming to external specifications (such as OpenID Connect (OIDC)).
  • Auth0 extension grants: Auth0-specific grants that conform to the OAuth extension mechanism to support additional clients or to provide a bridge between OAuth and other trust frameworks.
  • Auth0 legacy grants: Traditional grant types supported for legacy customers only. If you are a legacy customer, we highly recommend moving to a more secure alternative. For info on working with legacy grant types and their alternatives, see Legacy Grant Types.

Spec-conforming grants

grant_type More info
implicit Implicit Grant
authorization_code Authorization Code Grant
client_credentials Client Credentials Grant
password Resource Owner Password Grant
refresh_token Use a Refresh Token
urn:ietf:params:oauth:grant-type:device_code Device Authorization Grant

Auth0 extension grants

grant_type More info
http://auth0.com/oauth/grant-type/password-realm Use an extension grant similar to the Resource Owner Password Grant that includes the ability to indicate a specific realm
http://auth0.com/oauth/grant-type/mfa-oob Multi-factor Authentication OOB Grant Request
http://auth0.com/oauth/grant-type/mfa-otp Multi-factor Authentication OTP Grant Request
http://auth0.com/oauth/grant-type/mfa-recovery-code Multi-factor Authentication Recovery Grant Request

Auth0 legacy grants

Legacy grants include:

  • http://auth0.com/oauth/legacy/grant-type/ro
  • http://auth0.com/oauth/legacy/grant-type/ro/jwt-bearer
  • http://auth0.com/oauth/legacy/grant-type/delegation/refresh_token
  • http://auth0.com/oauth/legacy/grant-type/delegation/id_token
  • http://auth0.com/oauth/legacy/grant-type/access_token

For info on working with legacy grant types and their alternatives, see Legacy Grant Types.

Keep reading