Why is there an “Authorization Code” flow in OAuth2 when “Implicit” flow works so well?
With the “Implicit” flow the client (likely a browser) will get a access token, after the Resource Owner (i.e. the user) gave access. With the “Authorization Code” flow however, the client (usually a web server) does only get an authorization code after the Resource Owner (i.e. the user) gave access. With that authorization code the … Read more