Which step is part of a three-legged OAuth2 authorization code grant flow?
The OAuth client redirects to the authorization server by using a username and password is correct because, in the OAuth2 authorization code grant flow, the client first redirects the user to the authorization server to authenticate. This process often involves sending the user's credentials (username and password). After successful authentication, an authorization code is granted, which the client can later exchange for an access token to access protected resources.
Cannot be A because authorization codes are NOT used to access protected resources; however, tokens are used, which is what B states.
A. Use authorization codes to access protected resources when approved: Explanation: This step is crucial in the OAuth2 authorization code grant flow. After the client receives an authorization code, it exchanges this code for an access token, which is then used to access protected resources. The access token represents the user’s authorization to access specific resources.
A. Use authorization codes to access protected resources when approved. The three-legged OAuth2 authorization code grant flow generally involves these steps: The client (usually a web browser) requests authorization from the resource owner (usually by directing them to an authorization server with a request for access). Once the resource owner authorizes the request, the authorization server redirects the client back to the application with an authorization code. The client then exchanges this authorization code for an access token by making a request to the authorization server. The access token is then used by the client to access the protected resources. So, the authorization codes are used to access protected resources when approved.
Option A is not correct because in the three-legged OAuth2 authorization code grant flow, the authorization code is used to obtain an access token, which is then used to access protected resources. The authorization code itself is not used to access resources directly; it is an intermediary step in the process.
3 Leg type, 2nd phase
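The distinction argued in the comments above, that the authorization code is only exchanged for an access token and is never itself presented to the resource server, as an added example that is not part of the original thread. The in-memory servers, client id, secret, redirect URI and user are all constructed for illustration.

```python
import secrets

class AuthorizationServer:
    """In-memory stand-in for an authorization server (constructed, not a real API)."""
    def __init__(self, clients):
        self.clients = clients  # client_id -> (client_secret, redirect_uri)
        self.codes = {}         # code -> (client_id, redirect_uri, user, scope)
        self.tokens = {}        # access_token -> (user, scope)

    def authorize(self, client_id, redirect_uri, scope, user):
        # Front channel: the resource owner has authenticated to this server and
        # approved the request; the server redirects back with a short-lived code.
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise PermissionError("invalid_request")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, user, scope)
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        # Back channel: the client authenticates and redeems the code.
        grant = self.codes.pop(code, None)  # single use: gone after the first attempt
        known = client_id in self.clients and secrets.compare_digest(
            self.clients[client_id][0], client_secret)
        if grant is None or not known or grant[:2] != (client_id, redirect_uri):
            raise PermissionError("invalid_grant")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = grant[2:]
        return access_token

class ResourceServer:
    def __init__(self, auth_server):
        self.auth_server = auth_server

    def get_profile(self, bearer):
        # Only issued access tokens are accepted; an authorization code is not one.
        if bearer not in self.auth_server.tokens:
            raise PermissionError("invalid_token")
        user, scope = self.auth_server.tokens[bearer]
        return {"user": user, "scope": scope}

def attempt(fn, *args):
    try:
        return fn(*args)
    except PermissionError as exc:
        return str(exc)

def run_flow():
    cid, csecret, redirect = "demo-client", "demo-secret", "https://client.example/cb"
    az = AuthorizationServer({cid: (csecret, redirect)})
    rs = ResourceServer(az)
    code = az.authorize(cid, redirect, "profile", "alice")
    code_at_resource = attempt(rs.get_profile, code)         # code sent as if it were a token
    token = az.token(cid, csecret, code, redirect)           # code exchanged for a token
    return {"code_at_resource": code_at_resource, "profile": rs.get_profile(token),
            "code_replay": attempt(az.token, cid, csecret, code, redirect)}
```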