OAuth 2.0 Authorization Code Flow

sequenceDiagram
    autonumber
    participant User as 👤 User (Browser)
    participant Client as 💻 Client App (RP)
    participant AuthServer as 🔐 Auth Server (IDP)
    participant ResourceServer as 🗄️ Resource Server (API)

    User->>Client: Click "Login with Provider"
    Client->>AuthServer: Redirect to Auth Page (Client ID, Scope, State)
    AuthServer->>User: Show Login & Consent Prompt
    User->>AuthServer: Authenticate & Grant Access
    AuthServer->>Client: Redirect with Auth Code (Code, State)
    Client->>AuthServer: Exchange Code for Token (Code, Client Secret)
    AuthServer->>Client: Return Access Token (+ ID Token, Refresh Token)
    Client->>ResourceServer: Request Data (Access Token)
    ResourceServer->>Client: Return Protected Resource
    Client->>User: Logged in & Display Data
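
The client's side of steps 2, 5 and 6 in the diagram, as an added example that is not part of the original page: it binds a random State value to the user's session, rejects a callback whose State does not match, and prepares the token request. The endpoint URL, client ID, redirect URI and function names are placeholders assumed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder values assumed for this example (not from the page).
AUTHORIZE_URL = "https://idp.example/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/callback"


def build_authorization_redirect(session: dict, scope: str = "openid profile") -> str:
    """Step 2: create a fresh state, store it in the user's session, return the redirect URL."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Step 5: return the authorization code only if state matches the session's value."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    received = query.get("state", [""])[0]
    # Compare as bytes in constant time; a missing or foreign state is rejected.
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback is not bound to this session")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


def build_token_request(code: str, client_secret: str) -> dict:
    """Step 6: form body the client POSTs to the token endpoint from its server side."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
    }
```

The client secret appears only in the step 6 request, which goes from the client's server to the Auth Server and never through the browser.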