Understanding The Authorization Code Grant

In this video, you will be guided through the intricacies of the Authorization Code Grant flow using FusionAuth’s sandbox environment. This simple example aims to be accessible to everyone, so follow along and let’s dive into the details.

The Authorization Code Grant is a widely used method in OAuth 2.0 for enabling users to securely authenticate with third-party applications. For the tech nerds in the house that is RFC6749. This method involves redirecting the user to an authorization server, obtaining an authorization code, and then exchanging that code for an access token. Let’s break this process down step-by-step.

Our journey begins by navigating to the admin application for FusionAuth. Initially, the URL https://sandbox.fusionauth.io/admin points to FusionAuth’s admin UI, which then delegates authentication to FusionAuth itself. This delegation redirects us to the hosted login page that is both themed and customizable.

In the below example, you’ll use a customized login page from one of our clients as an example. You will notice familiar elements such as email and password fields, but there’s a distinct branding as intended by Private Division. Once logged in, we proceed through the authentication flow and get redirected to the Admin UI.

Leave a Comment