Grant types
The page summarizes the default grant types available for each application type. You can use any of the available types by default.
The client selects the grant type when sending a query parameter grant_type along with the request.
For the implementation, we are compliant with IETF RFC 6749 - The OAuth 2.0 Authorization Framework.
| Application Type | Allowed Grant Type | PKCE mode |
|---|---|---|
| API | client_credentials | Not applicable |
| NAT | authorization_code | required |
| SPA | authorization_code | required |
| WEB | authorization_code | allowed |
note
The grant type refresh_token is also allowed for NAT, SPA, and WEB. Using refresh_token, you can request an access token or an ID token without requiring the user to reauthenticate.