Authorization Code
Understand the OAuth2 authorization code grant flow used by public and confidential clients to obtain access tokens securely. Explore the two-step process involving user redirection for login and token exchange with an authorization server. Learn how this method provides credentials through query and POST parameters, and how access and refresh tokens are issued to manage authentication sessions.
The authorization code grant is used by confidential and public clients to exchange an authorization code for an access token.
Step one
The client redirects the user to the authorization server appending the following parameters as a query string:
response_type
client_id
redirect_uri
scope
state
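The step-one redirect as an added example, not code from the original page: it builds the query string with the five parameters above and, going one step past the redirect, checks the returned state on the callback so that a response this session never started is rejected. The endpoint, client values, scope names and the dict used as a session are assumptions made up for illustration; `response_type=code` and the `code`/`state`/`error` callback parameters follow RFC 6749.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical endpoint and client registration values (assumptions, not from the page).
AUTHORIZE_ENDPOINT = "https://auth.example.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://client.example.com/callback"


def build_authorization_url(scopes, session):
    """Build the step-one redirect URL and remember the state in the session."""
    state = secrets.token_urlsafe(32)  # unguessable value tied to this user session
    session["oauth_state"] = state
    params = {
        "response_type": "code",  # selects the authorization code grant
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),  # scope is a space-delimited list
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def read_callback(callback_url, session):
    """Return the authorization code if the callback's state matches, else raise."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    received = query.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "error" in query:
        raise ValueError("authorization server returned error: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


if __name__ == "__main__":
    session = {}  # stand-in for a server-side session store
    print(build_authorization_url(["basic", "email"], session))  # constructed scope names
    # Constructed callback, shaped like the authorization server's redirect back.
    cb = REDIRECT_URI + "?" + urlencode({"code": "constructed-code", "state": session["oauth_state"]})
    print(read_callback(cb, session))
```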