- tags
- Security
Authorization Code in OAuth2
- is like a redeemable coupon with a short time to live that can be exchanged at the Authorization Server for an Access Token.
- the auth code adds a time factor to the security: the code is only valid for a short window.
- redirect_uri is part of the identity of the application
- the redirect_uri points to an app URL that is owned by the application, so the code is only ever delivered to the registered app.
- one-time use and short-lived: typically active for less than a minute
What It Is
- A temporary code provided by the authorization server to the client after the user has authenticated and authorized the client.
Purpose
- Serves as an intermediate step in obtaining an access token: the client exchanges it for an access token in a subsequent request.
Security
- Adds an extra layer of security by reducing the risk of access token exposure, especially in environments like web browsers.
Flow
- User Authorization: User logs in and authorizes the client application to access their resources through the authorization server.
- Code Issuance: Post-authorization, the server redirects the user back to the client with the authorization code.
- Token Exchange: The client sends a request including the code and its credentials to the server, which responds with an access token.
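The code issuance and token exchange steps above, as an added example that is not part of the original note: a toy Python authorization server that issues a code bound to a pre-registered redirect_uri and redeems it once, within its time to live, only against the client's credentials. The `AuthorizationServer` class, the shape of its client registry and the injectable `now` clock are assumptions made for this example.

```python
import secrets
import time

CODE_TTL_SECONDS = 60  # codes are short-lived: typically under a minute


class AuthorizationServer:
    """Toy authorization server: issues and redeems authorization codes."""

    def __init__(self, clients, now=time.time):
        # clients: client_id -> {"secret": ..., "redirect_uri": ...} (assumed layout)
        self.clients = clients
        self.now = now          # injectable clock so expiry can be tested
        self._codes = {}        # code -> record; codes are tracked for one-time use

    def issue_code(self, client_id, redirect_uri, user):
        """Code issuance: called after the user authenticated and consented."""
        client = self.clients.get(client_id)
        # redirect_uri is part of the client's identity: it must match registration
        if client is None or client["redirect_uri"] != redirect_uri:
            raise ValueError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(32)
        self._codes[code] = {
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "user": user,
            "expires_at": self.now() + CODE_TTL_SECONDS,
            "used": False,
        }
        return code

    def exchange_code(self, code, client_id, client_secret, redirect_uri):
        """Token exchange: redeem the code plus client credentials for a token."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        record = self._codes.get(code)
        if record is None or record["client_id"] != client_id:
            return {"error": "invalid_grant"}
        if record["used"]:
            # replay of an already-redeemed code: a code is one-time use
            return {"error": "invalid_grant"}
        if self.now() > record["expires_at"]:
            # the time factor: a stale code is worthless even if it leaked
            return {"error": "invalid_grant"}
        if record["redirect_uri"] != redirect_uri:
            return {"error": "invalid_grant"}
        record["used"] = True
        token = secrets.token_urlsafe(32)
        return {"access_token": token, "token_type": "Bearer", "user": record["user"]}
```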
Usage
- Common in web applications where the client can securely store credentials and make server-side requests to exchange the code for an access token.