Have you ever signed into a website via Facebook, LinkedIn, or Google? For example, you were visiting a news website and wanted to leave a comment on an article, and instead of creating an account there you just signed in by clicking a button and choosing "Approve" in Facebook?
This is just one of the many examples where OAuth 2.0 is used successfully and on a massive scale. This kind of flow, with its redirects from the website to Facebook and back, is based on the authorization code grant, probably the most frequently used OAuth 2.0 grant.
In the OAuth 2.0 authorization framework specification (RFC 6749), this grant is defined in Section 4.1.
We can notice the following characteristics ...