Cheat Sheets/OAuth 2.0 Flow Visualizer
security

OAuth 2.0 Flow Visualizer

Understanding OAuth 2.0 authorization flow

OAuthSecurityAuth
Authorization Code Flow
1. Redirect

Client redirects user to authorization server

2. Authorize

User grants permission

3. Code

Server redirects back with authorization code

4. Token

Client exchanges code for access token

5. API

Client uses token to access protected resources

Grant Types
Authorization Code

Most secure. For server-side apps

PKCE

Authorization Code + code verifier. For SPAs/mobile

Client Credentials

Machine-to-machine. No user involved

Device Code

For input-constrained devices (TV, CLI)