Page created: 7 Dec 2021 | Page updated: 10 May 2023
OAuth 2 and OpenID Connect define the authorization grant types by which a client application obtains an authorization grant in the form of an access token.
PingOne supports the following grant types:
- Authorization code
  - This grant type is used by web applications. The authorization request generates an authorization code that is exchanged for an access token. An authorization code expires after 10 minutes.
- Implicit
  - This grant type is intended for use by mobile applications or client-side web applications with no server-side component. The implicit grant type is for applications that cannot guarantee the confidentiality of the client secret.
- Client credentials
  - This grant type is made directly to the token endpoint and is used to request an access token for either:
    - Resources owned by the application rather than a user.
    - Resources belonging to multiple end users.
- Refresh token
  - This grant type is used by applications to exchange a refresh token for a new access token when the current one has expired. It gives applications the ability to acquire a valid access token without additional user interaction. To obtain a refresh token along with an access token, the client must be configured with the refresh_token grant type and the authorization_code grant type.
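The rules above can be exercised with a small in-memory model of a token endpoint. This is an added illustration, not PingOne code or its API: the class and method names are hypothetical, the error strings are the RFC 6749 error codes, and single-use codes are standard OAuth 2 behaviour rather than something this page states.

```python
import secrets
import time

CODE_TTL_SECONDS = 10 * 60  # the page states authorization codes expire after 10 minutes


class ToyTokenEndpoint:
    """Hypothetical in-memory model; not PingOne's implementation or API."""

    def __init__(self, client_grant_types, now=time.time):
        self.grants = set(client_grant_types)  # grant types configured for the client
        self.now = now                         # injectable clock so expiry is testable
        self.codes = {}                        # authorization code -> issue time
        self.refresh_tokens = set()

    def authorize(self):
        """Authorization request: returns a short-lived authorization code."""
        if "authorization_code" not in self.grants:
            raise PermissionError("unauthorized_client")
        code = secrets.token_urlsafe(16)
        self.codes[code] = self.now()
        return code

    def token(self, grant_type, code=None, refresh_token=None):
        """Token request: returns access_token and, if allowed, refresh_token."""
        if grant_type not in self.grants:
            raise PermissionError("unauthorized_client")
        if grant_type == "authorization_code":
            # pop() makes the code single-use (RFC 6749 behaviour, an assumption here)
            issued = self.codes.pop(code, None)
            if issued is None or self.now() - issued > CODE_TTL_SECONDS:
                raise ValueError("invalid_grant")
        elif grant_type == "refresh_token":
            if refresh_token not in self.refresh_tokens:
                raise ValueError("invalid_grant")
        elif grant_type != "client_credentials":
            raise ValueError("unsupported_grant_type")
        response = {"access_token": secrets.token_urlsafe(24)}
        # A refresh token is issued only when the client has both grant types configured
        if grant_type == "authorization_code" and "refresh_token" in self.grants:
            rt = secrets.token_urlsafe(24)
            self.refresh_tokens.add(rt)
            response["refresh_token"] = rt
        return response
```

Passing a fake clock as `now` lets a test step past the 10-minute window without waiting.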