OAuth 2.0 Authorization Process(Code Grant Flow)

Hello, as you already know, I’m Kindson The Genius and I’m here to help you understand tech concept very easily. You let me know what you would like to learn.


Today I would just outline the OAuth 2.0 Authorization Process, that is the steps and the flow diagram. No much details though.

Find more details here: What is OAuth and OpenID
Video explanation: Vidoe explanation


OAuth 2.0 Authorization Steps
Step 1: User visits a websit eg. kindsonthegenius.blogspot.com (App)
Step 2: App asks user for authentication though Facebook
Step 3: A consent screen is displayed to the user and user accepts to allow access
Step 4: IdP sends a code to the user (IdP stands for Identity Provider)
Step 5: User sends to code to the App via a redirect link
Step 6: App request for access token from the IdP using the code it has received
Step 7: The IdP checks the access code is valid and then send the access token to the App.
Step 8: App then requests access to restricted resources in the resource server by presenting its access token.
Step 9: Resource server checks with the IdP to make sure access token is valid and then grants access to the resources.


  • The flow may  have some variations depending on the particular implementation
  • The IdP is also known as the Authorization Server
  • The IdP and the Resource Server are sometimes in the same place.

Find more details here: What is OAuth and OpenID?

Video explanation: Vidoe explanation