'OAuth 2.0 - Does the authorization server directly sends the auth code to the redirect URI that the user specified?

Does the authorization server directly sends the auth code to the Redirect URI that the client specified or else Is there an Intermediate to whom the auth code will be sent first? If the auth code will be sent to the redirect URL ,then that redirect URL is an endpoint of the client's backend server?

oauth-2.0redirect-uriauthorization-server


Solution 1:[1]

Yes, the authorization code is sent from the authorization server to the web-backend-server via the browser redirect URL

Why via the browser: Because it's the application the user used to consent/login

Why auth code not token: Because URLS are visible in browser and network appliances

The step after that is the web-backend-server will exchange the auth code with a token from the auth server

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Majid ALSarra

Related Questions

No authentication handler is registered for the scheme 'Cookies'. The registered schemes are: Application, Bearer, ASOS

Modern Oauth2 authentication for sending mails using Nodemailer nodejs

Spring Security: How to use a UserDetailsService with JwtAuthenticationProvider?

How do I validate a JWT using JwtSecurityTokenHandler and a JWKS endpoint?

Change the preferred_username in token for client credential grant flow

How to convert guild.permissions number into an array of persmissions discord.js oauth2

how to config apache jmeter 2.6 oauth 2.0

oauth-private.key does not exist or is not readable

ASP.NET Web API Google OAuth keep return "Access Denied"

Java - OAuth 2 using restTemplate to get login with refresh token (StackOverFlowError)

AWS Cognito; unauthorized_client error when hitting /oauth2/token

AWS Cognito; unauthorized_client error when hitting /oauth2/token

Salesforce OAuth User Agent Flow: obtain refresh token with

JWT "invalid_grant" in Signature in Google OAuth2

"Full authentication is required to access this resource" on spring oauth2 authorization server on /oauth/token request