What are the differences?

The main differences between the server-side workflow and the client-side workflow can be summarized in this table:

 

| | Simplicity | Security | Access duration |
|---|---|---|---|
| Server-side flow (authorization code grant flow) | More complex: To facilitate the secure storage and transmission of confidential data, a backend server and data store must be maintained. | More secure: The server-side flow never exposes the key to the browser, so the key has a significantly smaller chance of being leaked. | Long-term: Because an application using the authorization code grant flow is trusted to store confidential information, it can store properties needed for long-term, even offline, access. |
| Client-side flow (implicit grant flow) | Less complex ... | | |
