What is an Authorization Code Grant? OAuth 2.0



An Authorization Code is a temporary code that the client exchanges for an Access Token.

In OAuth 2.0, the Authorization Code Grant is used by confidential and public clients to exchange an authorization code for an Access Token. Once the user returns to the client via the redirect URL, the application reads the authorization code from the URL and uses it to request an Access Token.

OAuth Security:

Until 2019, OAuth 2.0 recommended the PKCE extension for mobile and JavaScript apps; the latest OAuth Security BCP now recommends PKCE for server-side apps as well.

Example of Authorization Code Grant URL:
https://www.code2care.org/ap/oa
?client_id=123456
&scope=postal_code
&response_type=code
&state=2022124|2033|1024
&redirect_uri=https://client.xyz123.com/auth_popup/token
&code_challenge=Ae1b3AYZIc1p4kU9a135XqOhVL2K14ae2I2V_sfajw
&code_challenge_method=S256

Request Parameters:
client_id -> REQUIRED, it is the identifier for your app
scope -> REQUIRED
response_type -> REQUIRED
redirect_uri -> REQUIRED
state -> RECOMMENDED
code_challenge -> RECOMMENDED
code_challenge_method -> RECOMMENDED
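
The following is an added example, not code from the original page: a client builds the request above with a fresh state and PKCE S256 challenge, then checks state on the callback before preparing the token request. The endpoint, client_id and redirect_uri are copied from the example URL; the function names and the in-memory session dict are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Values copied from the example URL on this page.
AUTHORIZE_ENDPOINT = "https://www.code2care.org/ap/oa"
CLIENT_ID = "123456"
REDIRECT_URI = "https://client.xyz123.com/auth_popup/token"

def s256_challenge(code_verifier: str) -> str:
    """PKCE S256: BASE64URL(SHA256(code_verifier)) with '=' padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorization_request(scope: str = "postal_code"):
    """Return (url, session); session holds what the client must keep secret."""
    code_verifier = secrets.token_urlsafe(32)  # 43 chars; RFC 7636 allows 43-128
    state = secrets.token_urlsafe(16)          # unguessable, tied to this session
    params = {
        "client_id": CLIENT_ID,
        "scope": scope,
        "response_type": "code",
        "state": state,
        "redirect_uri": REDIRECT_URI,
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    # urlencode percent-encodes values such as redirect_uri.
    url = f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"
    return url, {"state": state, "code_verifier": code_verifier}

def handle_callback(callback_url: str, session: dict) -> dict:
    """Verify state, then return the form fields for the token request."""
    query = parse_qs(urlparse(callback_url).query)
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not ours.
    if not hmac.compare_digest(returned_state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        # The server hashes this and compares it with the stored code_challenge.
        "code_verifier": session["code_verifier"],
    }
```

The code_verifier never appears in the front-channel URL; only its hash does, so an intercepted authorization code cannot be redeemed without the verifier held by the client.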
