Typically used by Single-page applications. After authorisation, access Token and ID Token are returned directly to the application as fragment component of the Redirection URI.
Typically used by mobile and single-page applications. Application includes a code challenge in authorisation request. Rest of the flow is similar to authorization code flow but now token endpoint will match authorization code with code challenge.
Combination of implicit flow and authorization code flow i.e. some tokens are returned from the authorization endpoint as fragment in redirect URI and others are exchanged from the token endpoint.
Typically used by server side applications or backend services to obtain an access token outside of the context of a user.
Typically used by private clients including mobile apps, server-side applications to exchange a refresh token for an access token when the access token has expired.