Back to Cheat Sheets
Cheat Sheets/OAuth 2.0 Flow Visualizer
security
OAuth 2.0 Flow Visualizer
Understanding OAuth 2.0 authorization flow
OAuthSecurityAuth
Authorization Code Flow
1. Redirect
Client redirects user to authorization server
2. Authorize
User grants permission
3. Code
Server redirects back with authorization code
4. Token
Client exchanges code for access token
5. API
Client uses token to access protected resources
Grant Types
Authorization Code
Most secure. For server-side apps
PKCE
Authorization Code + code verifier. For SPAs/mobile
Client Credentials
Machine-to-machine. No user involved
Device Code
For input-constrained devices (TV, CLI)