http://www.ruanyifeng.com/blog/2019/04/oauth-grant-types.html
- Password mode (Resource owner password Credentials) (
为遗留系统设计) (支持refresh token) - Authorization code pattern (Authorization code) (
正宗方式) (支持refresh token) - Simplified mode (Implicit) (
为web浏览器应用设计) (不支持refresh token) - Client mode (Client Credentials) (
为后台api服务消费者设计) (不支持refresh token)
- Authorization code pattern (authorization code)
- Simplified mode (Implicit) (
client为浏览器/前端应用) - Password mode (Resource owner password Credentials) (
用户密码暴露给client端不安全) - Client mode (Client Credentials) (
主要用于api认证,跟用户无关)