Authorization Code Grant (OAuth 2)

This is one of the authorization grant mechanisms defined in the OAuth 2.0 standard (IETF RFC 6749). The authorization code grant type is used to obtain both access tokens and refresh tokens. It is optimized for confidential clients with which there is no established trust relationship. Because this is a redirection-based flow, the client must be able to interact with the resource owner’s user-agent (typically a web browser) and to receive incoming requests (via redirection) from the authorization server. This authorization approach is adopted and adapted in the 1EdTech Security Framework.
