What is OAuth 2.0 Authorization Code Grant?
Last updated on 16 February 2024
The Authorization Code Grant type is probably the most common OAuth 2.0 grant type. Authorization code grant is used by web and mobile applications. It requires the client to exchange an authorization code with the OAuth server for the access token.
The Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login module supports the Authorization Code Grant type. It is also compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10.
How does Authorization Code Grant Type work?
The Authorization code grant has the following steps:
- The user clicks the SSO login link in the client application (Drupal) and is redirected to the authorization server.
- The user enters their OAuth server credentials (username and password). The authorization server validates them and creates a session at the OAuth server (if the user is not already logged in to the OAuth server). If the user is already logged in to the OAuth server, it executes the third step directly.
- The OAuth server asks for the user's consent to let the client application (Drupal) access the user profile. If the user grants consent, the authorization server redirects the user back to the client (Drupal) with an authorization code and a state in the query string.
- The client makes a request to the token endpoint using the authorization code, client ID and client secret. The OAuth server validates the code, client ID and secret.
- In response to the token request, the client receives an access token from the OAuth server.
- The client uses the access token to make a request to the Userinfo Endpoint to get the user data.
- The OAuth server validates the access token and returns the user information in its response to the userinfo request.
- The client (Drupal) then processes the user data and creates the user session.
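The client's side of the redirect, callback and token-request steps above, as an added Python example that is not code from the Drupal module. The endpoint URLs, client credentials, scope and session dictionary are constructed placeholders; the point is that the `state` returned in the query string is checked against the one stored for this browser session before the code is sent to the token endpoint.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values, not taken from the Drupal module.
AUTHORIZE_URL = "https://idp.example/authorize"
CLIENT_ID = "drupal-client"
CLIENT_SECRET = "constructed-secret"
REDIRECT_URI = "https://drupal.example/callback"


def build_authorization_url(session):
    """Redirect step: store a fresh random state in the session and build the URL."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "profile",  # assumed scope for the user profile
        "state": session["oauth_state"],
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Callback step: verify state, then return the token request form body."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay fails
    returned = params.get("state", [""])[0]
    # Compare as bytes in constant time; reject before looking at the code.
    if expected is None or not hmac.compare_digest(
            expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    # Body the client POSTs server-to-server to the token endpoint.
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }
```

The client secret only appears in the server-to-server token request, never in the browser redirect.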