Pablo Cibraro

My notes about software development, security and other stuff.

OAuth 2.0 Flows

The following decision tree shows the recommended flows that you could potentially use in your application.

[Image: OAuth 2.0 Code Flows decision tree]

A public client is a device or application with no private storage for secrets (e.g. a mobile phone or a JavaScript SPA).

A device with no keyboard could be a smart TV, for example.

Two OAuth 2.0 flows have been left out of this diagram because they are no longer considered secure: the Resource Owner Password Flow and the Implicit Flow.
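Because a public client has nowhere to keep a client secret, the Implicit Flow used to be the workaround; the replacement is the Authorization Code Flow with PKCE (RFC 7636), where the client proves it started the flow with a one-time code_verifier rather than a secret. The example below is added here and is not part of the original post: it implements the S256 verifier/challenge computation and the check the token endpoint performs, with a constructed in-memory code store standing in for the authorization server.

```python
import base64
import hashlib
import secrets


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_verifier(nbytes: int = 32) -> str:
    # 32 random bytes -> 43-character verifier, inside the 43..128 range RFC 7636 allows.
    return b64url(secrets.token_bytes(nbytes))


def make_challenge(verifier: str) -> str:
    # S256 method: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def server_verify(stored_challenge: str, presented_verifier: str) -> bool:
    """Token-endpoint check: recompute the challenge from the verifier the
    client presents now and compare it with the challenge that was bound to
    the authorization code when it was issued."""
    return secrets.compare_digest(stored_challenge, make_challenge(presented_verifier))


def simulate_public_client() -> tuple[bool, bool]:
    """Constructed walk-through (not a real server): the legitimate client
    redeems its code with the verifier it generated; a party that only holds
    the authorization code, without the verifier, is rejected."""
    verifier = make_verifier()
    challenge = make_challenge(verifier)      # sent with the /authorize request
    code_store = {"code-abc": challenge}      # server binds the challenge to the issued code
    legit_ok = server_verify(code_store["code-abc"], verifier)
    no_verifier_ok = server_verify(code_store["code-abc"], make_verifier())
    return legit_ok, no_verifier_ok           # expected: (True, False)
```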