Reference pages
Use these pages as reference documentation when implementing the authorization code grant flow in your application. Adapted from The OAuth 2.0 Authorization Framework specification [RFC 6749].
An overview of the authorization code grant flow
Figure 3 from RFC 6749
The steps are as follows:
A: The client application initiates the flow by sending the user's user-agent to the appropriate authorization endpoint.
B: The authentication server of the service provider authenticates the resource owner and attempts to gain consent by presenting the user consent form.
C: Assuming the user grants consent, the authorization server redirects the user back to the client application via the redirection endpoint provided in the authorization request. The redirection endpoint will include an authorization code and any state provided by the client.
D: The client requests an access token from the service provider's token endpoint by including the authorization code received in the previous step...
