Here we'll explore how SAML 2.0 bearer assertions can be used as authorization grants.
Regarding bearer assertions: a bearer is an entity (for example, a client application) in possession of an assertion, where the entity doesn't have to demonstrate proof of possession of the given assertion with some cryptographic key. Because of this, when the client application is supplying the assertion in the request to the server, the use of secure communication (TLS) is required so that the assertion is not compromised.
Key characteristic of this new grant type is that the client application is exchanging the SAML assertion for an access token.
The flow consists of the following steps: