In this section, we will describe authentication code flow. This is a precise description, which, as you will see, will directly impact on the configuration of the authentication server. It assumes that client is a web application running inside the browser. As a result, you should interpret the terms used literally. For example, if we talk about a client redirecting a user to an authentication server, we literally mean the HTTP redirect of a browser to an address of an authentication server. As we've already suggested, you will see those operations later in this chapter, when we will finish securing the pet store application.
Let's take a look at a diagram of the flow now:
The user uses the client, which is a browser-based ...