
An Authorization Code is a temporary code that the client exchanges for an Access Token.
In OAuth 2.0, the Authorization Code Grant is used by confidential and public clients to exchange an authorization code for an Access Token. Once the user returns to the client via the redirect URL, the application reads the authorization code from the URL and uses it to request an Access Token.
OAuth Security: Until the year 2019, OAuth 2.0 recommended using the PKCE extension for mobile and JavaScript apps, whereas the latest OAuth Security BCP now recommends using PKCE for server-side apps as well.
Example of Authorization Code Grant URL:
https://www.code2care.org/ap/oa
?client_id=123456
&scope=postal_code
&response_type=code
&state=2022124|2033|1024
&redirect_uri=https://client.xyz123.com/auth_popup/token
&code_challenge=Ae1b3AYZIc1p4kU9a135XqOhVL2K14ae2I2V_sfajw
&code_challenge_method=S256
Request Parameters:
client_id -> REQUIRED, it is the identifier for your app
scope -> REQUIRED
response_type -> REQUIRED
redirect_uri -> REQUIRED
state -> RECOMMENDED
code_challenge -> RECOMMENDED
code_challenge_method -> RECOMMENDED
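
The following Python code is an added example, not part of the original article: it builds the authorization request shown above with a fresh PKCE verifier/challenge pair and a random state, then checks state when the redirect comes back. The function names and the random state format are assumptions; the endpoint, client_id, scope and redirect_uri are the page's example values.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoint and parameter values below come from the example URL on this page.
AUTHORIZE_ENDPOINT = "https://www.code2care.org/ap/oa"


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)), without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_request(client_id: str, scope: str, redirect_uri: str):
    """Return (url, state, code_verifier). The client keeps state and verifier
    in the user's session; only the challenge goes to the authorization server."""
    code_verifier = secrets.token_urlsafe(32)  # 43 URL-safe chars, high entropy
    state = secrets.token_urlsafe(16)          # unguessable, one per request
    params = {
        "client_id": client_id,
        "scope": scope,
        "response_type": "code",
        "state": state,
        "redirect_uri": redirect_uri,
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", state, code_verifier


def read_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code only if state matches what was sent."""
    query = parse_qs(urlparse(callback_url).query)
    returned_state = query.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]


if __name__ == "__main__":
    redirect = "https://client.xyz123.com/auth_popup/token"
    url, state, verifier = build_authorization_request("123456", "postal_code", redirect)
    print(url)
    # Constructed callback, shaped like the server's redirect back to the client
    print(read_callback(f"{redirect}?code=SAMPLE_CODE&state={state}", state))
```

The code_verifier is sent later with the token request, so the server can recompute the challenge and confirm the same client started the flow.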