+----------+ | Resource | | Owner | +----------+ ^ | +----|-----+ Client Identifier +---------------+ | -+--(A)-- & Redirection URI --->| | | User- | | Authorization | | Agent -+--(B)-- User authenticates -->| Server | | | | | | -+--(C)-- Authorization Code --<| | +-|----|---+ +---------------+ | | ^ v (A) (C) | | | | | | ^ v | | +---------+ | | | |>-(D)-- Authorization Code --------' | | Client | & Redirection URI | | | | | |<-(E)----- Access Token ------------------' +---------+ (w/ Optional Refresh Token)
+----------+ Client Identifier +---------------+ | +----(A)-- & Redirection URI --->| | | User- | | Authorization | | Agent | | Server | | |<---(B)--- Redirection URI ----<| | | | with Access Token +---------------+ | | in Fragment | | +---------------+ | |----(C)--- Redirection URI ---->| | | | without Fragment | Client | | | | Resource | | (E) |<---(D)------- Script ---------<| | | | +---------------+ +-|--------+ | | (A) (F) Access Token | | ^ v +---------+ | | | Client | | | +---------+
+----------+ | Resource | | Owner | | | +----------+ v | Resource Owner (A) Password Credentials | v +---------+ +---------------+ | |>-(B)---- Resource Owner ------>| | | | Password Credentials | Authorization | | Client | | Server | | |<-(C)---- Access Token --------<| | | | (w/ Optional Refresh Token) | | +---------+ +---------------+
+---------+ +---------------+ | | | | | |>-(A)- Client Authentication -->| Authorization | | Client | | Server | | |<-(B)---- Access Token --------<| | | | | | +---------+ +---------------+