AuthCode

AuthCode, short for authorization code, is a credential used in OAuth 2.0 and OpenID Connect flows. It is issued by the authorization server to the client after the resource owner authenticates and consents. The code is a temporary, one-time value that the client can exchange for an access token, and optionally a refresh token, via a server-to-server request.

In typical operation, the client directs the user-agent to the authorization endpoint with parameters such as

Security properties are integral to the design. The code is intended for single use and has a

AuthCode flows are widely used for server-side applications and other capable clients. OpenID Connect commonly uses