The Authorization Code Grant Type is perhaps the most common of the OAuth 2.0 grant types that you’ll encounter. Both web apps and native apps can use it to get an access token after a user authorizes the app.
What is OAuth?
OAuth is not a service or an API. It is a standard to authenticate a connection between two interfaces. It works over HTTPS and authorizes devices, servers, APIs, and applications with the help of access tokens instead of user credentials.
What is an OAuth 2.0 Grant Type?
In OAuth 2.0, the term “grant type” means the way an application gets an access token. OAuth 2.0 has several grant types, including the authorization code flow.
Every grant type is optimized for a specific use case, whether that’s a web app, a native app, or server-to-server applications.
The Code Flow
Web and mobile apps use the Authorization Code grant type. It differs from most other grant types in that the app must first launch a browser to begin the flow. The following steps are used to get an access token:
- The application sends login details to the OAuth server
- It opens an authorization screen.
- The user approves the request from the authorization screen
- The user gets redirected to a redirection URL with an authorization code in the query string
- The application uses the authorization code to send a request back to a URL.
- It sends a response with the access token
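
The steps above, sketched from the application's side as an added example that is not from the original post. The endpoint URLs, client ID, and redirect URI are placeholder assumptions, and the `state` check is an addition the post does not mention: it is the standard OAuth 2.0 parameter that ties the redirect to the request the app started.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder endpoints and client values (assumptions, not from the post).
AUTHORIZE_URL = "https://auth.example.com/authorize"
TOKEN_URL = "https://auth.example.com/token"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"

def build_authorization_url(state):
    # URL the app opens in the browser to reach the authorization screen.
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": state}
    return AUTHORIZE_URL + "?" + urlencode(params)

def extract_code(redirect_url, expected_state):
    # Read the authorization code from the redirect's query string.
    query = parse_qs(urlsplit(redirect_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    returned = query.get("state", [""])[0]
    # Reject a response that does not belong to the request this app started.
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]

def build_token_request(code):
    # Form body the app POSTs to TOKEN_URL to exchange the code for a token.
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID}

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorization_url(state))
    # Constructed redirect, shaped like the one the authorization server sends.
    redirect = REDIRECT_URI + "?" + urlencode({"code": "SAMPLE_CODE", "state": state})
    print(TOKEN_URL, build_token_request(extract_code(redirect, state)))
```

A confidential client would also authenticate itself on the token request; that part is left out here.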
----------------------------------------
To learn how the code flow works, wait for my next blog on “How to use grant type code with Salesforce?”