A closer look at the authorization code grant flow

Our server-side application would like to view the profile and feed data of the user who is using the application. In order to do this, WMIIG must first get authorization from the user by sending them to the service provider's authorization endpoint, passing along with it various properties describing the request. This step is nearly identical to how we did it for the implicit grant flow, with one important difference which we will get to shortly.

Here, the user is presented with the user consent screen, where they have the option of either accepting or denying the request. Once the user either accepts or denies, the response is sent back to WMIIG via the redirection endpoint. If the user accepts, ...

Get Mastering OAuth 2.0 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.