as we know Oauth2 authorize(not authenticate) an end user's account(resource owner) to be used by third-party services
generally there are 2 types access_token generating scheme
- authorization_code grant
- implicit grant flow
this flow allow other applications to use my user's resource.
- generally this application redirect to my server like login.myapp.com for login