The following authentication models are supported by the AT&T OAuth 2.0 Authentication Management API:
- Server Access with No Customer Context: where only the application is required to authenticate (grant_type=client_credentials).
- Server Access With Customer Context: where a web browser is acting as a user agent and providing a vehicle for user consent capture (grant_type=authorization_code).
- Note: Authentication where the user and application need to consent consists of a two-step process:
- The first step involves getting the user's consent via a browser, and returns an "Authorization Code".
- The second step involves the application consent PLUS passing in the "Authorization Code" and returns an OAuth token peculiar to a combination of user and application.