Chapter 7. OAuth for Trusted Applications

In the previous chapter, we learned how to use OAuth 2.0 in mobile applications. We also learned about custom URL schemes, how to define them and how to use them. Up to this point in this book, we have covered the authorization code grant and the implicit grant, two out of the four grants defined in the OAuth 2.0 specification.

In this chapter, we will cover the remaining two grants defined in the OAuth 2.0 specification—the Resource Owner Password Credentials grant (which we can call the password grant for short) and the client credentials grant.

These two grants are most suitable in environments where trust and information confidentiality are assured. For example, the password grant can be used in internal ...
