I know that the OAuth2.0 protocol receives code, from the client and uses code in exchange for token and openID
in the background, but I don"t quite understand. When you see QQ logging into these third-party api, you can directly obtain token and openID, without code. Does it mean that the mobile third-party login does not have to be verified in this way? How on earth is the mobile third-party login verified?