Difference between revisions of "Authorization Code flow description"
Pavel.lobko (talk | contribs) |
Pavel.lobko (talk | contribs) |
||
| Line 1: | Line 1: | ||
{{DISPLAYTITLE:OAuth2 Access code flow using i2Rest bridge mode description}} | {{DISPLAYTITLE:OAuth2 Access code flow using i2Rest bridge mode description}} | ||
The authorization code grant type is used to obtain both access | The authorization code grant type is used to obtain both access | ||
| − | + | tokens and refresh tokens and is optimized for confidential clients. | |
| − | + | Since this is a redirection-based flow, the client must be capable of | |
| − | + | interacting with the resource owner's user-agent (typically a web | |
| − | + | browser) and capable of receiving incoming requests (via redirection) | |
| − | + | from the authorization server. | |
[[File:Bridge flow scheme.png|600px]] | [[File:Bridge flow scheme.png|600px]] | ||
---- | ---- | ||
[[I2Rest_Client|Back to i2Rest Client]] | [[I2Rest_Client|Back to i2Rest Client]] | ||
Revision as of 14:33, 22 May 2020
The authorization code grant type is used to obtain both access
tokens and refresh tokens and is optimized for confidential clients.
Since this is a redirection-based flow, the client must be capable of
interacting with the resource owner's user-agent (typically a web
browser) and capable of receiving incoming requests (via redirection)
from the authorization server.
