Real Time examples for Oauth2 Grant Types and Good document, example for Oauth2 with Spring MVC

In terms of understanding the flows and the differences between them, this presentation is the best resource I found online. After this, if you read the OAuth2 spec description, it'll be much easier to follow.

Unfortunately, in terms of code samples, there isn't good Spring Security OAuth2 sample code out there (the Sparklr and Tonr examples are okay but not super clear). Best resource there is to look at unit tests in Spring Security OAuth2 code on github.

One question I want to ask is - are you looking to create your own OAuth2 Provider or do you just want to connect to Facebook, Google, etc as OAuth2 client. If it's the second part, I would suggest skipping Spring Security OAuth2 and instead look at Spring Social project.

Edit: For creating an OAuth2 Provider, check out this code by Dave Syer (he is the lead of Spring Security OAuth project) . It shows how you can create an OAuth2 Provider and Resource Server in 20 lines of code. This is the easiest way to create Spring Security OAuth code. https://github.com/dsyer/sparklr-boot

It uses Spring Boot and Spring Security OAuth projects. Of course, you'll have to understand Spring Security, JavaConfig configuration and the OAuth2 protocol properly to understand how all of this works.


Authorization Code is redirection based flow, in most application when we login via Facebook or google we use this grant type.

Implicit is used mostly in mobile or single page application, Client confidentiality is not guaranteed here. This also has a redirect flow similar to Authorization Code. This does not support refresh token.

Password Grant Type is used when client application and resource owner belong to same application, this is goin to be case when your application is end to end working. Here we are sharing username and password. unlike the above two where we authenticate via Facebook or google.

Client Credentials: its a way to access it own service. like one microservice to access another microservice.