Grant types
OAuth 2 and OpenID Connect define the authorization grant types by which a client application obtains an authorization grant in the form of an access token. PingOne supports the following grant types:
Authorization code
This grant type is used by web applications. The authorization request generates an authorization code that is exchanged for an access token. For more information, refer to Authorization request with a code grant in PingOne Platform Auth APIs.
Implicit
This grant type is intended for use by native applications or client-side web applications with no server-side component. The implicit grant type is for applications that cannot guarantee the confidentiality of the client secret.
In this flow, the client makes a request to the server’s authorization endpoint. If the request contains the id_token response type and the openid scope, then it is considered an authentication (OpenID Connect) request, and an ID token is issued. For more information, refer to Native and single-page applications.
Client credentials
With this grant type, the request is made directly to the token endpoint and is used to obtain an access token for either:
- Resources owned by the client rather than any specific end user.
- Resources belonging to multiple end users.
The client uses HTTP basic authentication with its client ID and client secret to authenticate itself to the token endpoint and must specify a Content-Type of application/x-www-form-urlencoded. For more information, refer to Obtain an access token in PingOne Platform Auth APIs.
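The client credentials request described above, as an added example that is not taken from the PingOne documentation. It builds the request without sending it, and adds two things a client should do around it: refuse a non-HTTPS endpoint and mask the secret before logging. The endpoint URL is a placeholder, and the function names and the optional scope parameter are assumptions made for illustration.

```python
import base64
from urllib.parse import quote_plus, urlencode, urlsplit
from urllib.request import Request

# Assumption: placeholder URL; substitute your environment's token endpoint.
TOKEN_ENDPOINT = "https://auth.example.com/ENV_ID_PLACEHOLDER/as/token"


def build_client_credentials_request(token_endpoint, client_id, client_secret, scope=None):
    """Build (but do not send) a client credentials token request."""
    # Basic authentication would expose the secret on a cleartext connection.
    if urlsplit(token_endpoint).scheme != "https":
        raise ValueError("token endpoint must use https")
    # RFC 6749 section 2.3.1: form-encode the ID and secret, then join with ":".
    # Typical alphanumeric secrets pass through this step unchanged.
    userpass = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    basic = base64.b64encode(userpass.encode("utf-8")).decode("ascii")
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    return Request(
        token_endpoint,
        data=urlencode(form).encode("ascii"),
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


def redacted_headers(request):
    """Return the request headers with the Authorization value masked for logging."""
    return {
        name: ("Basic <redacted>" if name.lower() == "authorization" else value)
        for name, value in request.header_items()
    }


if __name__ == "__main__":
    # Constructed sample credentials, not real values.
    req = build_client_credentials_request(TOKEN_ENDPOINT, "my-client", "s3cr3t_value")
    print(req.get_method(), req.full_url)
    print(redacted_headers(req))
    print(req.data.decode("ascii"))
```

Pass the returned object to `urllib.request.urlopen` to send it; the secret then travels only in the Authorization header, never in the URL or the form body.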
Refresh token
This grant type is used by applications to exchange the refresh token for a new access token. It gives applications the ability to acquire a valid access token without additional interaction. For more information, refer to Obtain an access token in PingOne Platform Auth APIs.
Device code
This grant type is used by applications to return an activation code in the response to the POST /{{envID}}/as/device_authorization request. It gives OAuth-enabled devices such as smart TVs the ability to complete user authorization and access protected resources. For more information, refer to Device Authorization Grant in PingOne Platform Auth APIs.