Authorization code flow

The web applications that request API resources through their servers follow through the authorization code flow to obtain authorization code. That further exchanges with the authorization server to receive access and refresh tokens. Also, the implementation of authorization code flow for web applications provides crucial security benefits such as client authentication before producing authorization code and server-to-server communication without exposing tokens to others.

The flowchart below illustrates the authorization code grant flow, where an access token is generated, and then used in an API request: