Use this grant type when you want to obtain an authorization code by using an authorization server as an intermediary between the client application and the resource owner.
The following diagram displays the Authorization Code Grant Type flow.
A user clicks a link in a web server client application, requesting access to protected resources.
The client application redirects the browser to the Oracle Identity Cloud Service authorization endpoint
oauth2/v1/authorizewith a request for an authorization code.
Oracle Identity Cloud Service Authorization Server returns an authorization code to the client application through a browser redirect after the resource owner gives consent.
The client application subsequently exchanges the authorization code for an access token, and often a refresh token.
Oracle Identity Cloud Service Authorization Server returns the access token to the client application.
The client application uses the access token in an API call to obtain protected data.
Note:Resource owner credentials are never exposed to the client.
|Requires client authentication||No|
|Requires client to have knowledge of user credentials||No|
|Browser-based end user interaction||Yes|
|Can use an external Identity Provider for authentication||Yes|
|Refresh token is allowed||Yes|
|Access token is in the context of the end user||Yes|
See an example Authorization Code Grant Type flow.