Here is a great YouTube video by Okta. The guy giving the talk made the tools oauthdebugger.com and oidcdebugger.com – sweet. He humbly states – don’t do this or that even if you trust me. That helps us stay on the straight and narrow, especially with (likely) someone else’s data and tools (our clients’).
The OAuth grant types from the talk:
- Authorization code – the main one on the 1st part of the video
- Implicit (front channel) – for things where there is no backend available
- Resource owner/pw – not used much, but for machine-to-machine backend use
- Client Credentials – used to make old apps work but not used for new apps
OpenID Connect IS OAuth with an added scope called `openid`.