The most critical step for the application in the OAuth flow is how the client will receive an access token (and optionally a refresh token). The mechanism used to retrieve this token is called a grant type. Different grant types are more appropriate for different scenarios as we will discover in the following sections.

OAuth 2.0 provides four standard grant types and an extension grant type that can be used to customize the authentication and authorization process depending on the application requirements. These grant types are described in detail below.