Okta APAC Demonstration Site Index

API Access Management Demos

Authorization Code Grant Flow

This is a step-by-step demonstration of the API Access Management Authorization Code Grant Flow.
The authorization code grant type is used to obtain both access tokens and refresh tokens and is optimized for confidential clients. Since this is a redirection-based flow, the client must be capable of interacting with the resource owner's user-agent (typically a web browser) and capable of receiving incoming requests (via redirection) from the authorization server.

Client Credentials Grant Flow

This is a step-by-step demonstration of the API Access Management Client Credentials Grant Flow.
The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control, or those of another resource owner that have been previously arranged with the authorization server (the method of which is beyond the scope of this specification).

Implicit Flow (Mobile or Single Page Apps)

Used when you can't count on the application to keep secrets.
Public Application.


Resource Owner Password Flow

This is a valid flow, but it is not used much because you need to give your username and password to a third party.
The client has to be a private application (it needs to keep secrets).
The client needs to send:
1. Client ID
2. Client Secret
3. Username
4. Password


Platform Demos

Okta Portal

Sony Login Widget