

Try Authorization Code Grant¶

The Authorization Code Grant is one of the grant types in the OAuth 2.0 specification. For more information about this grant type, see Authorization Code Grant.

Before you begin

You must first set up the playground sample webapp. in order to try the following scenario.

This section demonstrates the Authorization Code Grant with PKCE and without PKCE.

Info

The Proof Key for Code Exchange (PKCE) is a specification supported by WSO2 Identity Server to mitigate code interception attacks. See Mitigating Authorization Code Interception Attacks to configure PKCE for an OAuth application.

Running the application (without PKCE)¶

Visit the URL http://localhost.com:8080/playground2/oauth2.jsp to start the application.
Enter the following details and click Authorize. For information on how to obtain these authorization details, see Configuring OAuth2-OpenID Connect.

Authorization Grant Type: Authorization Code

Client ID: (the client id received at the application registration

Callback URL: http://localhost.com:8080/playground2/oauth2client

Authorize Endpoint: https://localhost.com:9443/oauth2/authorize

Scope: Any scope you wish to obtain the token for (Optional)
Tip

The playground application will send an authorization request the authorize endpoint of the WSO2 Identity Server using the following format.
```
https://<host>:<port>/oauth2/authorize?response_type=code
&client_id=<client-ID>
&redirect_uri=<callback-url>
&scope=<scope>
```
Example
```
https://localhost.com:9443/oauth2/authorize?response_type=code
&client_id=Cx4LKFNObeuXocx7xgOpz5vfzFoa
&redirect_uri=http://wso2is.local:8080/playground2/oauth2client
&scope=openid
```
Log in with the user credentials.
Click Allow.
Provide the following details and click Get Access Token.
- Callback URL: http://localhost.com:8080/playground2/oauth2client
- Access Token Endpoint: https://localhost.com:9443/oauth2/token
- Client Secret: (client secret received at the application registration)
Now you should be able to view the information as shown below.

Running the application (with PKCE)¶

Visit the URL http://localhost.com:8080/playground2/oauth2.jsp to start the application.
Enter the following details and click Authorize.

Authorization Grant Type: Authorization Code
Client ID: (the client id received at the application registration)
Callback URL: http://localhost.com:8080/playground2/oauth2client
Authorize Endpoint: https://localhost.com:9443/oauth2/authorize
Use PKCE: Yes
PKCE Challenge Method:
Log in with the user credentials.
Click Allow.
Provide the following details and click Get Access Token.
- Callback URL: http://localhost.com:8080/playground2/oauth2client
- Access Token Endpoint: https://localhost.com:9443/oauth2/token
- Client Secret: (client secret received at the application registration)
Now you should be able to view the information as shown below.