Here we demos some of the basic OAuth2.0 Workflows. Corresponding request and response raw debug message will show in a step-by-step, page-by-page style. Read though routing_demo.php and DemoController.php to see how we implement it.
The authorization code grant type is used to obtain both access tokens and refresh tokens and is optimized for confidential clients.
The resource owner password credentials grant type is suitable in cases where the resource owner has a trust relationship with the client, such as the device operating system or a highly privileged application.
The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control, or those of another resource owner that have been previously arranged with the authorization server (the method of which is beyond the scope of this specification).