Why does the authorization code mode of Oauth2 have to obtain code? first?

Why does the authenticator mode in oauth2 have to go to the resource server to obtain a code before obtaining the token, and then use the code of the resource server to apply for token? from the resource server

after reading a lot of materials, it is said that the resource server will jump to a callback url, specified by us after the user confirms the authorization. If token is returned directly, anyone can see the token in the browser, then there is no security at all.

but I have a puzzle
that is why the resource server has to jump to the callback url given by the third-party site. If my url is an interface resource server, it can directly call back my interface without jumping through the browser. Then my server can directly token to my server, and then my server will decide how to jump after storing the token.
isn"t this simpler than authorization mode and safer than implicit mode

Authorization-code oauth
Mar.06,2021

excuse me, how does the server call back your interface?

for security and callback

Previous: A small problem about delete in CPP

Next: Using PHP to collect a large amount of data, how to improve access performance?

css mysql arrays josn react html typescript webpack npm sass R objective-c .net sql-server jquery python-3.x angularjs django angular excel regex iphone ajax linux xml pandas vba spring database wordpress string wpf xcode windows bash postgresql oracle multithreading eclipse list firebase algorithm macos forms image scala visual-studio azure bootstrap spring-boot react-native python-2.7 docker performance function winforms matlab powershell apache dataframe api sqlite numpy rest shell selenium flutter dart maven loops qt swing android-studio csv express file class tensorflow sorting codeigniter perl
© 2021 CodesHelper
Advertising Contact us About us
Menu