Try Authorization Code Grant

This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

The Authorization Code Grant is one of the grant types in the OAuth 2.0 specification. For more information about this grant type, see Authorization Code Grant.

Before you begin, you must first set up the sample webapp.

This section demonstrates the Authorization Code Grant with PKCE and without PKCE. 

The Proof Key for Code Exchange (PKCE) is a specification supported by WSO2 Identity Server to mitigate code interception attacks. See Mitigating Authorization Code Interception Attacks to configure PKCE for an OAuth application.

Running the application (without PKCE) 

  1. Visit the URL http://localhost:8080/playground2/oauth2.jsp to start the application.

  2. Enter the following details and click Authorize.


  3. Log in with the user credentials.

  4. Click Approve to consent to this action.

  5. Provide the following details and click on Get Access Token.

     

  6. At this point the application receives the Access Token.

  7. Click on Get Photos.

  8. Now you should be able to see the user photos.

Running the application (with PKCE) 

  1. Visit the URL http://localhost:8080/playground2/oauth2.jsp to start the application.

  2. Enter the following details and click Authorize.

     

  3. Log in with the user credentials.

  4. Click Approve to consent to this action.

  5. Provide the following details and click on Get Access Token.

     

  6. At this point the application receives the Access Token.

  7. Click on Get Photos.

  8. Now you should be able to see the user photos.