Application Grant Types

Grant types (or flows) define how applications in Login 3.0 gain Access Tokens and enable secure, limited access to resources. Based on your application's needs, certain grant types are more appropriate than others. The OAuth 2.0 protocol underpins many of these flows, supplemented by Login 3.0-specific extensions for advanced scenarios.

Grant types for applications in Login 3.0 are configured by the UPBOND team during application registration or updates.

Available Grant Types

Specification-Conforming Grants

Grant Type

Description

implicit

Implicit Grant.

authorization_code

Authorization Code Grant.

client_credentials

Client Credentials Grant.

password

Resource Owner Password Grant.

refresh_token

Use Refresh Tokens.

urn:ietf:params:oauth:grant-type:device_code

Device Authorization Grant. (in-development)

Grant Type Mapping by Application Type

Public Applications

Public applications, such as Single-Page Applications (SPAs) and Native Applications, cannot securely store credentials and are limited to grant types that do not require them.

By default, public applications are configured with the following grant types:

  • implicit

  • authorization_code

  • refresh_token

  • urn:ietf:params:oauth:grant-type:device_code (for Native Apps —in development)

Public applications cannot use the client_credentials grant type. To enable this grant type, the application must be reclassified as a confidential application.

Confidential Applications

Confidential applications, such as Regular Web Applications and Machine-to-Machine (M2M) Applications, can securely store credentials. By default, these applications are configured with the following grant types:

  • implicit

  • authorization_code

  • refresh_token

  • client_credentials

How to Enable or Update Grant Types

To enable or update grant types for your application:

  1. Contact the UPBOND Team:

    Provide the following details:

    • Application name or Client ID.

    • Desired grant types based on your application type and use case.

  2. Configuration by UPBOND:

    The UPBOND team will update your application's settings with the appropriate grant types.

  3. Testing and Validation:

    Verify that your application works as expected with the updated grant types.

PreviousCredential SettingsNextUpdate Grant Types

Last updated

Was this helpful?