Model Overview
OAuth2Server requires a model object through which some aspects of storage, retrieval and custom validation are abstracted.
Grant Types
RFC 6749 describes a number of grants for a client application to acquire an access token.
The following grant types are supported by oauth2-server:
Client Credentials Grant
The client can request an access token using only its client credentials (or other supported means of authentication) when requesting access to the protected resources under its control.
Note
The client credentials grant type must only be used by confidential clients.
Model functions used by the client credentials grant:
Refresh Token Grant
If the authorization server issued a refresh token to the client, the client can request a refresh of their authorization token.
Model functions used by the refresh token grant:
Password Grant
The password grant is suitable for clients capable of obtaining the resource owner’s credentials (username and password, typically using an interactive form).
Model functions used by the password grant:
Extension Grants
The authorization server may also implement custom grant types to issue access (and optionally refresh) tokens.
See Extension Grants.
Request Authentication
The authorization server authenticates requests sent to the resource server by verifying the included bearer token.
Model functions used during request authentication:
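As an added example (not taken from the oauth2-server documentation), here is a minimal in-memory model covering the client credentials grant and request authentication described above. The function names getClient, getUserFromClient, saveToken and getAccessToken follow the oauth2-server model specification; the client ids, secrets and Map stores are constructed for illustration, and getClient is narrowed to flows where the client presents a secret.

```javascript
// Added example: in-memory model for the client credentials grant and
// request authentication. Client ids, secrets and stores are constructed.
const crypto = require('crypto');

// Keep only a hash of each client secret (constructed sample data).
const sha256 = (s) => crypto.createHash('sha256').update(String(s)).digest();
const clients = new Map([
  ['svc-billing', { id: 'svc-billing', secretHash: sha256('s3cr3t-billing'),
                    grants: ['client_credentials'] }],
  // Public client: it has no secret, so it is never granted client_credentials.
  ['spa-frontend', { id: 'spa-frontend', secretHash: null, grants: ['refresh_token'] }],
]);
const tokens = new Map();

const model = {
  // Return the client only when the presented secret matches.
  // Both buffers are 32-byte digests, so timingSafeEqual never throws on length.
  async getClient(clientId, clientSecret) {
    const c = clients.get(clientId);
    if (!c || !c.secretHash || clientSecret == null) return null;
    if (!crypto.timingSafeEqual(c.secretHash, sha256(clientSecret))) return null;
    return { id: c.id, grants: c.grants };
  },

  // This grant has no resource owner, so the token is bound to a service
  // identity derived from the client (an assumption of this example).
  async getUserFromClient(client) {
    return { id: `service:${client.id}` };
  },

  // Persist the issued token together with the client and user it belongs to.
  async saveToken(token, client, user) {
    const saved = { ...token, client: { id: client.id }, user };
    tokens.set(token.accessToken, saved);
    return saved;
  },

  // Request authentication: resolve the bearer token; unknown tokens give null.
  async getAccessToken(accessToken) {
    return tokens.get(accessToken) || null;
  },
};
```
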