What is an Authorization Code Grant? OAuth 2.0

authorization code grant

An Authorization Code is a temporary code used by the client to exchange for an Access Token.

In OAuth 2.0, an Authorization Code Grant is used by confidential and public clients to exchange an authorization code for an Access Token. Once the user returns to the client via the redirect URL, the application receives the authorization code from the URL which is used to request an Access Token

OAuth Security:

Until the year 2019, OAuth 2.0 recommended using the PKCE extension for mobile and JavaScript apps, whereas in the latest spec, OAuth Security BCP now recommends using PKCE also for server-side apps.

Example of Authorization Code Grant URL:
&scope= postal_code
Request Parameters:
client_id  -> REQUIRED, it is the identifier for your app
scope  -> REQUIRED
response_type -> REQUIRED
redirect_uri  -> REQUIRED
code_challenge  -> RECOMMENDED
code_challenge_method  -> RECOMMENDED 
Try Out Code2care Dev Tools:


Code2care is an initiative to publish and share varied knowledge in programming and technical areas gathered during day-to-day learnings and development activities.

Students and software developers can leverage this portal to find solutions to their various queries without re-inventing the wheel by referring to our easy to understand posts. Technical posts might include learnings, tutorials, trouble-shooting steps, video tutorials, code snippets, how-to, blogs, articles, etc.

🎉 We are celebrating the 10th years of Code2care! Thank you for all your support!

We strongly support Gender Equality & Diversity.