OAuth Workflow

Primary Learning Resources

• Introduction to OAuth 2.0 Workflow Workflow of OAuth 2.0 - GeeksforGeeks
• This blog goes into the best practice of OAuth and why the implicit grant type is deprycated What is going on with OAuth 2.0? And why you should not use it for authentication. | by Damian Rusinek | SecuRing | Medium

There are four flows (called grant types) to obtain the resource owner’s permission (technically called access token): authorization code, implicit, resource owner password credentials and client credentials.

OAuth Testing

Go back to the trusty HackTricks OAuth to Account takeover - HackTricks