OAuth Workflow
Primary Learning Resources
- Introduction to OAuth 2.0 Workflow Workflow of OAuth 2.0 - GeeksforGeeks
- This blog goes into the best practice of OAuth and why the implicit grant type is deprycated What is going on with OAuth 2.0? And why you should not use it for authentication. | by Damian Rusinek | SecuRing | Medium
There are four flows (called grant types) to obtain the resource ownerโs permission (technically calledย access token):ย authorization code,ย implicit,ย resource owner password credentialsย andย client credentials.
OAuth Testing
Go back to the trusty HackTricks OAuth to Account takeover - HackTricks