Authorization Code Flow (EN)

Concept

Secure OAuth 2.0 flow for authorizing web applications

Definition

The Authorization Code Flow is an OAuth 2.0 flow designed for web applications and is considered the more secure of the OAuth 2.0 flows, because the tokens are delivered to the client's server side rather than exposed in the browser. It is a multi-step process in which a short-lived Authorization Code is exchanged for Access Tokens. This flow enables secure authorization without the client ever seeing the user's login credentials and is the recommended method for server-side applications.

Architecture

sequenceDiagram
    participant User
    participant Client
    participant Authorization Server
    participant Resource Server

    User->>Client: Access to protected resource
    Client->>Authorization Server: Redirect to authentication
    Authorization Server->>User: Enter login credentials
    User->>Authorization Server: Login credentials
    Authorization Server->>User: Redirect to client with Authorization Code
    User->>Client: Redirect with Authorization Code
    Client->>Authorization Server: Authorization Code + Client Credentials
    Authorization Server->>Client: Access Token + Refresh Token
    Client->>Resource Server: Request with Access Token
    Resource Server->>Client: Protected resource

In Context

  • Typically used together with Implicit Flow and Client Credentials Flow
  • Related to: OAuth 2.0, O
Source: AI Generated