The page summarizes the default grant types available for each application type. You can use any of the available types by default.
The client selects the grant type when sending a query parameter
grant_type along with the request.
For the implementation, we are compliant with IETF RFC 6749 - The OAuth 2.0 Authorization Framework.
|Application Type||Allowed Grant Type||PKCE mode|
The grant type
refresh_token is also allowed for NAT, SPA, and WEB. Using
refresh_token, you can request an access token or an ID token without requiring the user to reauthenticate.
Was this page helpful?