OAuth Authorization code flow

00:00 What is the OAuth authorization code flow?
02:54 OAuth authorization code example walkthrough
06:16 Exchanging the authorization code for an access token
08:38 OAuth CSRF protection with the state parameter and PKCE
10:16 OAuth authorization code grant for server-side rendered apps
11:15 Conclusion

The authorization code flow is a way for a client (a third-party application) to obtain an access token that gives it limited access to an HTTP service on behalf of a user. The client initiates the authorization code flow by redirecting the user to the authorization server with the client id, state, scopes and a redirect URI as query parameters. There, the user is asked to log into their account and confirm that they want the third-party application to access the account on their behalf. Once approved, the user is redirected back to the client application with an authorization code in the query parameters. The application can then exchange this authorization code for an access token. If the client is a confidential client, a client secret is also needed to exchange the authorization code for an access token. Depending on the scopes the client requested, it may also receive a refresh token, which lets it obtain a fresh access token when the current access token has expired.
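As an added example (not code from the video), here is the client side of the flow described above in Python: building the authorization redirect with a random state and an S256 PKCE challenge, rejecting a callback whose state does not match the session, and assembling the token request with the client secret only for a confidential client. The authorization endpoint, client id and redirect URI are assumed placeholders.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode

AUTHZ_ENDPOINT = "https://auth.example/authorize"  # hypothetical authorization server

def _b64url(raw: bytes) -> str:
    # Base64url without padding, as PKCE (RFC 7636) requires
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def s256_challenge(verifier: str) -> str:
    """PKCE: code_challenge = BASE64URL(SHA256(code_verifier))."""
    return _b64url(hashlib.sha256(verifier.encode()).digest())

def build_authorization_url(client_id, redirect_uri, scopes, session):
    """Step 1: redirect the user to the authorization server; keep state and verifier in the session."""
    session["state"] = secrets.token_urlsafe(16)
    session["code_verifier"] = _b64url(secrets.token_bytes(32))
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": session["state"],
        "code_challenge": s256_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"

def handle_callback(query: dict, session):
    """Step 2: user returns with code and state; a state mismatch is treated as a forged callback."""
    if not session.get("state") or query.get("state") != session["state"]:
        raise ValueError("state mismatch: discarding callback")
    session.pop("state")  # state is single-use
    return query["code"]

def token_request(code, client_id, redirect_uri, session, client_secret=None):
    """Step 3: form body POSTed to the token endpoint; confidential clients add their secret."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": session.pop("code_verifier"),  # proves we started this flow
    }
    if client_secret is not None:
        body["client_secret"] = client_secret
    return body
```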