OAuth is important for single sign-on API access and for authenticating users.
Authorization and authentication are important to implement in order to keep both user information and application information secure.
OAuth (Open-standard Authorization Protocol) describes how unrelated servers and services can safely allow authenticated access to their assets without actually sharing the initial, related, single logon credential.
An example would be when you're trying to sign in to Netlify and you can sign in with GitHub.
OpenID is a single sign-in protocol where users create a single account to sign in to multiple sites.
Authentication verifies the identity of whoever is signing in while authorization determines what the user has the permission to do.
Authorization Code Flow is: “Exchanging an authorization code for a token”
Authorization Code Flow with Proof Key for Code Exchange (PKCE) mitigates additional security risks by adding a proof key to the code exchange.
Implicit Flow with Form Post is intended for public clients or apps that are unable to securely store client secrets. It offers a streamlined workflow if the app needs only an ID token to perform user authentication.
Client Credentials Flow allows a client to obtain an access token by presenting its client credentials to the server.
Device Authorization Flow is when a device redirects a user to a link to authorize.
Resource Owner Password Flow requests that users provide a username and password.
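The proof key in the Authorization Code Flow with PKCE described above can be sketched as follows. This is an added example, not code from the original notes: it uses the S256 method from RFC 7636, and the `AuthServer` class, its method names and the token string are hypothetical stand-ins for a real authorization server.

```python
import base64
import hashlib
import hmac
import secrets

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    """Client: 32 random bytes become a 43-character verifier kept secret."""
    return b64url(secrets.token_bytes(32))

def code_challenge_s256(verifier: str) -> str:
    """Client: the challenge sent with the authorization request."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

class AuthServer:
    """Hypothetical in-memory authorization server (illustration only)."""
    def __init__(self):
        self._codes = {}  # authorization code -> stored code_challenge

    def authorize(self, code_challenge: str) -> str:
        code = secrets.token_urlsafe(16)
        self._codes[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str):
        # Codes are single-use: pop so a replayed code finds nothing.
        challenge = self._codes.pop(code, None)
        if challenge is None:
            return None
        expected = code_challenge_s256(code_verifier)
        if not hmac.compare_digest(expected, challenge):
            return None  # verifier does not match the stored challenge
        return "access-token-" + secrets.token_urlsafe(8)  # constructed value

def demo():
    server = AuthServer()
    verifier = new_code_verifier()
    # The server rejects a code presented without the matching verifier.
    code = server.authorize(code_challenge_s256(verifier))
    rejected = server.token(code, new_code_verifier())
    # The client that created the challenge redeems its code successfully.
    code2 = server.authorize(code_challenge_s256(verifier))
    accepted = server.token(code2, verifier)
    return rejected, accepted
```

Because only the hash travels in the authorization request, the authorization code alone is not enough to obtain a token.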