<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] (code) is a [response_type] value used within the [Authorization Request] to select the following [Grant Types] of [Authorization Code Flow]


The [Authorization Server] creates an [{$pagename}] and sends it to the [OAuth Client] ([OAuth Confidential Clients]) only after successful [Authentication Request] and [Authorization Server Request End-User Consent-Authorization] of the [Resource Owner].


[{$pagename}] is a [Sender Constrained Token] (For use by the [OAuth Client]).


[OAuth Client] presents the [{$pagename}] to the [Token_endpoint] on the [Authorization Server] to obtain an [Access Token].

The validity of the [{$pagename}] is limited to a few minutes as the [OAuth Client] is expected to obtain and [Access Token].

!! [OAuth 2.0] [Grant_type]
[{$pagename}] (&quot;code&quot;) is an [OAuth 2.0] [Authorization Grant] which is obtained by using an [Authorization Server] as an intermediary between the [OAuth Client] and the [Resource Owner].  

Instead of requesting [Authorization] directly from the [Resource Owner], the [OAuth Client] directs the [Resource Owner] to an [Authorization Server], via its [user-agent] as defined in [RFC 2616], which in turn directs the [Resource Owner] back to the [OAuth Client] with the [{$pagename}].

Before directing the [Resource Owner] back to the [OAuth Client] with the [{$pagename}], the [Authorization Server] [Authenticates] the [Resource Owner] and obtains [authorization|Authorization Request].  

Because the [Resource Owner] only [Authenticates] with the [Authorization Server], the [Resource Owner]'s [credentials] are never shared with the [OAuth Client].

The [{$pagename}] provides a few important security benefits, such as the ability to [authenticate] the [OAuth Client], as well as the transmission of the [Access Token] directly to the [OAuth Client] without passing it through the [Resource Owner]'s [user-agent] and potentially exposing it to others, including the [Resource Owner].


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>