In this story we will be discussing about the Authorization code flow, the basics of OAuth, when to use, how to register is already covered in my previous story.
In Short what is happening here is,
- Client opens the application
- Client app requests for the access token from auth server.
- Auth server asks the client to choose IDP
- Now the user login’s with the selected IDP
- The IDP ask user consent about the data sharing.
- User allows the IDP to share the information
- The Auth server gets the auth code
- Auth Code is exchanged with IDP for Access token
- After getting the access token, the Resource server is hit and the user data is provided for the access token.
The advantage of Code Flow over the Implicit is that, it provides two layers of security.
- Getting the authorization code
- Exchange authorization code with the access token.
Where as in Implicit flow we get the access token directly, when the user logs in and provides the consent.
