Overview
When the OAuth Client Redirect URI is accessed, the OAuth Client connects directly to the Authorization Server and creates an Access Token Request. Its parameters vary with the Grant Type but may include:
- grant_type - REQUIRED. The value varies depending on the Authorization Request.
- code - REQUIRED. The authorization code received from the Authorization Server, which is bound to any Resource Owner (user) "Authorized" OAuth Scopes.
- redirect_uri - REQUIRED if the "redirect_uri" parameter was included in the Authorization Request, and the two values MUST be identical.
- client_id - REQUIRED if the client is not authenticating with the Authorization Server as described in Section 3.2.1.
- client_secret - REQUIRED.
- scope - the "Requested" OAuth Scopes.
Extended Request Parameters
- code_challenge - REQUIRED (Proof Key for Code Exchange by OAuth Public Clients).
- code_challenge_method - OPTIONAL (Proof Key for Code Exchange by OAuth Public Clients). The code verifier transformation method, "S256" or "plain"; defaults to "plain" if not present in the request.
- resource - OPTIONAL (Resource Indicators for OAuth 2.0). The value of the "resource" parameter indicates the resource server where the requested access token will be used.
The Proof Key for Code Exchange by OAuth Public Clients specification adds the parameters code_challenge and code_challenge_method to the OAuth 2.0 Authorization Request and Access Token Request.
The OAuth Client then submits the Access Token Request to the token_endpoint.
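The checks the Authorization Server performs on such a request, as an added example (not code from the original page): the code is single-use, the redirect_uri must be identical to the one from the Authorization Request, and when PKCE was used the token endpoint receives the client's code_verifier (RFC 7636) and recomputes the stored code_challenge from it with the recorded method. The client identifier, authorization code and verifier values are constructed sample data.

```python
import base64
import hashlib
import hmac
import secrets

def b64url(raw: bytes) -> str:
    """Base64url without padding, the encoding PKCE requires for verifier and challenge."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    """Client side: 32 random bytes give a 43-character verifier (allowed length is 43..128)."""
    return b64url(secrets.token_bytes(32))

def code_challenge_for(verifier: str, method: str) -> str:
    """Client side: derive the code_challenge that goes into the Authorization Request."""
    if method == "S256":
        return b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":  # default when code_challenge_method is absent
        return verifier
    raise ValueError("unknown code_challenge_method")

def exchange_code(req: dict, issued_codes: dict) -> tuple:
    """Authorization Server side: validate an Access Token Request (grant_type=authorization_code).
    issued_codes maps code -> what the server stored when it answered the Authorization Request."""
    if req.get("grant_type") != "authorization_code":
        return (False, "unsupported_grant_type")
    stored = issued_codes.pop(req.get("code"), None)  # single use: consumed on the first attempt
    if stored is None:
        return (False, "invalid_grant")
    if req.get("client_id") != stored["client_id"]:
        return (False, "invalid_client")
    if stored.get("redirect_uri") and req.get("redirect_uri") != stored["redirect_uri"]:
        return (False, "invalid_grant")  # redirect_uri MUST be identical to the one authorized
    if "code_challenge" in stored:  # PKCE was used, so a matching code_verifier is mandatory
        verifier = req.get("code_verifier", "")
        recomputed = code_challenge_for(verifier, stored.get("code_challenge_method", "plain"))
        if not (43 <= len(verifier) <= 128) or not hmac.compare_digest(recomputed, stored["code_challenge"]):
            return (False, "invalid_grant")
    return (True, {"access_token": b64url(secrets.token_bytes(24)), "token_type": "Bearer",
                   "scope": stored["scope"]})

VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"  # constructed sample verifier

def sample_codes() -> dict:
    """Constructed server-side record for code SplxlOBeZQQYbYS6WxSbIA issued with PKCE S256."""
    return {"SplxlOBeZQQYbYS6WxSbIA": {
        "client_id": "s6BhdRkqt3", "redirect_uri": "https://client.example.org/cb",
        "scope": "openid profile", "code_challenge_method": "S256",
        "code_challenge": code_challenge_for(VERIFIER, "S256")}}

def sample_request(**overrides) -> dict:
    """Constructed Access Token Request from the client; overrides model a tampered field."""
    req = {"grant_type": "authorization_code", "code": "SplxlOBeZQQYbYS6WxSbIA",
           "redirect_uri": "https://client.example.org/cb", "client_id": "s6BhdRkqt3",
           "code_verifier": VERIFIER}
    req.update(overrides)
    return req
```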