Full Title or Meme
In OAuth 2.0 an authorization grant is defined as:
An authorization grant is a credential representing the resource owner's authorization (to access its protected resources) used by the client to obtain an access token. This specification defines four grant types -- authorization code, implicit, resource owner password credentials, and client credentials -- as well as an extensibility mechanism for defining additional types.
- Once an Authorization Grant is issued as a Bearer Token, there is no practical way to revoke it.
- OAuth 2.0 and OpenID Connect allow, but do not require, User Consent before an Authorization Grant is issued.
- Give Authorization Grants a short lifetime, like 5 to 10 minutes, which could create problems for long-running interactions with a Subject.
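As an added example that is not part of the original page, the following Python sketch shows one way an Authorization Server can enforce the short lifetime recommended above for an authorization code grant: each code carries an expiry, is bound to the client and redirect URI it was issued for, and is accepted at most once. The `AuthorizationCodeStore` class, its method names and the 10-minute default are assumptions made for illustration; the injectable clock exists only so the expiry behaviour can be exercised without waiting.

```python
import secrets
import time
from dataclasses import dataclass

# Assumed default of 10 minutes, the upper end of the 5-10 minute range
# mentioned above (RFC 6749 section 4.1.2 also recommends a 10-minute maximum).
DEFAULT_TTL_SECONDS = 600


@dataclass
class AuthorizationCode:
    """One issued code and the grant it represents (constructed for this example)."""
    client_id: str
    subject: str
    scope: str
    redirect_uri: str
    issued_at: float
    expires_at: float
    used: bool = False


class AuthorizationCodeStore:
    """Hypothetical in-memory store issuing short-lived, single-use codes."""

    def __init__(self, ttl_seconds=DEFAULT_TTL_SECONDS, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock      # replaceable clock, so tests can advance time
        self._codes = {}         # code string -> AuthorizationCode

    def issue(self, client_id, subject, scope, redirect_uri):
        """Create an unguessable code that expires ttl_seconds from now."""
        now = self._clock()
        code = secrets.token_urlsafe(32)
        self._codes[code] = AuthorizationCode(
            client_id, subject, scope, redirect_uri, now, now + self._ttl
        )
        return code

    def redeem(self, code, client_id, redirect_uri):
        """Exchange a code for its grant; returns None on any failure."""
        now = self._clock()
        entry = self._codes.get(code)
        if entry is None:
            return None                      # unknown code
        if entry.used:
            # Replay: the same code presented twice. Discard it outright.
            del self._codes[code]
            return None
        if now >= entry.expires_at:
            del self._codes[code]            # expired: remove and refuse
            return None
        if entry.client_id != client_id or entry.redirect_uri != redirect_uri:
            return None                      # wrong client or mismatched redirect
        entry.used = True                    # mark consumed; later attempts fail
        return entry

    def purge_expired(self):
        """Drop codes whose window has passed; returns how many were removed."""
        now = self._clock()
        expired = [c for c, e in self._codes.items() if now >= e.expires_at]
        for c in expired:
            del self._codes[c]
        return len(expired)
```

The short window is what limits the damage from a leaked code, which is the trade-off the last bullet describes: a Subject who takes longer than the window to complete the flow must start again. RFC 6749 section 4.1.2 further says that when a code is presented more than once the server should, where possible, revoke any tokens already issued from it; the store above only discards the code, so that step would sit in the caller that minted the tokens.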