A closer look at the authorization code grant flow

Our server-side application would like to view the profile and feed data of the user who is using the application. To do this, WMIIG must first get authorization from the user by sending them to the service provider's authorization endpoint, passing along various properties that describe the request. This step is nearly identical to how we did it for the implicit grant flow, with one important difference, which we will get to shortly.

Here, the user is presented with the user consent screen, where they have the option of either accepting or denying the request. Once the user either accepts or denies, the response is sent back to WMIIG via the redirection endpoint. If the user accepts, ...
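The request and redirect described above can be sketched as follows. This is an added example, not code from the book: the endpoint, client ID, redirect URI and scope names are assumed placeholders, and the parameter names (`response_type=code`, `state`, `error`) follow RFC 6749.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed placeholder values for illustration; none come from the book.
AUTHORIZATION_ENDPOINT = "https://provider.example/oauth/authorize"
CLIENT_ID = "wmiig-client-id-placeholder"
REDIRECT_URI = "https://wmiig.example/callback"
SCOPE = "profile feed"  # hypothetical scope names


def build_authorization_request(session):
    """Return the URL the user's browser is sent to for consent."""
    # Unguessable per-request value that binds the response to this session.
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",  # ask for an authorization code
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params)


def handle_redirect(callback_url, session):
    """Parse the redirect; return ("granted", code) or ("denied", error)."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay fails
    returned = query.get("state", [""])[0]
    # Check state before trusting anything else in the response.
    if expected is None or not hmac.compare_digest(
        expected.encode(), returned.encode()
    ):
        raise ValueError("state mismatch: response not tied to this session")
    if "error" in query:  # e.g. access_denied when the user declines
        return ("denied", query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return ("granted", codes[0])
```
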
