Refresher on the authorization code grant flow
Recall from Chapter 2, A Bird's Eye View of OAuth 2.0, that the authorization code grant flow is the OAuth 2.0 flow used for trusted clients. These are typically web applications powered by some sort of backend. For example, an HTML/JS frontend powered by a Python server, or a Flash frontend powered by a Ruby on Rails backend. For our sample application, WMIIG, we will be building an HTML/JS frontend powered by a Java backend.
The addition of a server-side component to the access token workflow makes the authorization code grant flow more secure and more powerful than the client-side implicit grant flow. We will see how as we proceed through this chapter. For now, recall that the authorization code grant flow looks like this:
In the context of our application, WMIIG (World's Most Interesting Infographic Generator), the sequence of steps would be as follows:
- The user visits WMIIG and initiates the process to see the world's most interesting infographic...
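To make the division of labour between the browser-facing front channel and the server-to-server back channel concrete, here is an added, self-contained walkthrough of the authorization code grant with both parties in one process. It is illustration code written for this refresher, not the WMIIG sample application (which the book builds in Java) or any library's API; the endpoint names `https://auth.example/authorize` and `https://auth.example/token`, the client id `wmiig`, the secret, the redirect URI and the scope are all constructed values. It also carries the standard `state` parameter and the one-time, short-lived code, which this excerpt does not describe but which the grant relies on.

```python
"""Authorization code grant, end to end, with both parties in one process.

Constructed illustration: an in-memory authorization server and the
server-side half of a web client. No network; "redirects" are the URLs
the user's browser would be sent to.
"""
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://auth.example/authorize"  # assumed endpoint names
TOKEN_URL = "https://auth.example/token"


def query_params(url):
    """What the receiving party sees after a browser follows `url`."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class AuthorizationServer:
    def __init__(self, clients):
        self.clients = clients  # client_id -> {"secret": ..., "redirect_uri": ...}
        self.codes = {}         # code -> {"client_id", "redirect_uri", "expires"}
        self.tokens = {}        # access_token -> client_id

    def authorize(self, params, user_consents=True):
        """Front channel (GET /authorize): returns the redirect URL handed back via the browser."""
        client = self.clients.get(params.get("client_id"))
        if client is None or params.get("response_type") != "code":
            raise ValueError("invalid authorization request")
        # Only redirect to the registered URI; anything else would leak the code to a third party.
        if params.get("redirect_uri") != client["redirect_uri"]:
            raise ValueError("redirect_uri mismatch")
        if not user_consents:
            return client["redirect_uri"] + "?" + urlencode({"error": "access_denied", "state": params["state"]})
        code = secrets.token_urlsafe(24)  # short-lived, single-use, bound to this client
        self.codes[code] = {"client_id": params["client_id"], "redirect_uri": client["redirect_uri"],
                            "expires": time.time() + 60}
        return client["redirect_uri"] + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, form):
        """Back channel (POST /token): authenticate the client, then redeem the code once."""
        client = self.clients.get(form.get("client_id"))
        if client is None or not secrets.compare_digest(client["secret"], form.get("client_secret", "")):
            return {"error": "invalid_client"}
        if form.get("grant_type") != "authorization_code":
            return {"error": "unsupported_grant_type"}
        entry = self.codes.pop(form.get("code"), None)  # pop: a code is redeemable exactly once
        if (entry is None or entry["expires"] < time.time()
                or entry["client_id"] != form["client_id"]
                or entry["redirect_uri"] != form.get("redirect_uri")):
            return {"error": "invalid_grant"}
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = form["client_id"]
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 3600}


class ClientBackend:
    """Server side of the web app: the only place client_secret and access tokens ever live."""

    def __init__(self, auth_server, client_id, client_secret, redirect_uri):
        self.auth, self.client_id, self.secret, self.redirect_uri = auth_server, client_id, client_secret, redirect_uri
        self.sessions = {}  # browser session id -> pending state value

    def start_login(self, session_id):
        """Build the authorization URL the browser is sent to; remember `state` for this session."""
        state = secrets.token_urlsafe(16)
        self.sessions[session_id] = state
        return AUTHORIZE_URL + "?" + urlencode({"response_type": "code", "client_id": self.client_id,
                                               "redirect_uri": self.redirect_uri,
                                               "scope": "infographic:read", "state": state})

    def handle_callback(self, session_id, callback_url):
        """Check `state`, then swap the code for a token server-to-server (the secret never hits the browser)."""
        q = query_params(callback_url)
        expected = self.sessions.pop(session_id, None)
        if expected is None or not secrets.compare_digest(expected, q.get("state", "")):
            raise ValueError("state mismatch: callback does not belong to a login this server started")
        if "error" in q:
            raise ValueError("authorization denied: " + q["error"])
        resp = self.auth.token({"grant_type": "authorization_code", "code": q["code"],
                                "redirect_uri": self.redirect_uri,
                                "client_id": self.client_id, "client_secret": self.secret})
        if "error" in resp:
            raise ValueError("token exchange failed: " + resp["error"])
        return resp["access_token"]


def run_flow():
    """Drive one login; return (access token, result of replaying the already-used code)."""
    server = AuthorizationServer({"wmiig": {"secret": "s3cret-kept-server-side",
                                            "redirect_uri": "https://wmiig.example/cb"}})
    client = ClientBackend(server, "wmiig", "s3cret-kept-server-side", "https://wmiig.example/cb")
    auth_url = client.start_login("browser-session-1")       # user asks WMIIG for an infographic
    callback_url = server.authorize(query_params(auth_url))  # user consents; browser is redirected back
    token = client.handle_callback("browser-session-1", callback_url)  # state check + back-channel exchange
    replay = server.token({"grant_type": "authorization_code", "code": query_params(callback_url)["code"],
                           "redirect_uri": client.redirect_uri, "client_id": "wmiig",
                           "client_secret": "s3cret-kept-server-side"})
    return token, replay


if __name__ == "__main__":
    tok, replay = run_flow()
    print("token issued to backend:", tok[:8] + "...", "| replaying the code ->", replay)
```

The part the browser ever sees is the authorization URL and the redirect carrying `code` and `state`; the client secret and the resulting access token travel only over the `token()` back channel, which is the extra security that a server side buys over the implicit grant. The server also refuses a second redemption of the same code, a mismatched `redirect_uri`, and a bad secret, and the client refuses a callback whose `state` it did not issue.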