http://www.ruanyifeng.com/blog/2019/04/oauth-grant-types.html
- Password mode (Resource Owner Password Credentials) (designed for legacy systems) (supports refresh token)
- Authorization code mode (Authorization Code) (the canonical approach) (supports refresh token)
- Simplified mode (Implicit) (designed for web browser applications) (does not support refresh token)
- Client mode (Client Credentials) (designed for backend API service consumers) (does not support refresh token)

- Authorization code mode (Authorization Code)
- Simplified mode (Implicit) (the client is a browser/front-end application)
- Password mode (Resource Owner Password Credentials) (exposing the user's password to the client is insecure)
- Client mode (Client Credentials) (mainly used for API authentication; unrelated to users)