A high-level architecture diagram that explains how a web application uses the SDK library to perform a three-legged authentication flow for OAuth 2.0 and OpenID Connect 1.0. This three-legged flow uses the authorization code grant type.

After the user requests a protected URL, Oracle Identity Cloud Service displays the Sign In page. The user submits their login credentials, and then Oracle Identity Cloud Service issues an authorization code to the web application through the web browser. The web application uses the SDK to exchange the authorization code for an access token, and then displays content for the user.