Which of the following is the correct OAuth 2.0 flow step to get an access token?
Rest API - Authentication and Authorization
A. Client sends password directly to resource server
B. Client sends authorization code to the authorization server
C. Resource server sends access token to client without request
D. Client sends refresh token to user
Step-by-Step Solution
Step 1: Identify OAuth 2.0 token exchange step
The client sends the authorization code to the authorization server to exchange it for an access token.
Step 2: Eliminate incorrect options
"Client sends password directly to resource server" is wrong because passwords are not sent directly.
"Resource server sends access token to client without request" is wrong because tokens are sent after request.
"Client sends refresh token to user" is wrong because refresh tokens are sent to the authorization server, not the user.
Final Answer:
Client sends authorization code to the authorization server -> Option B
Quick Check:
Authorization code sent to server = Step to get access token [OK]
Quick Trick: Authorization code sent to server to get token [OK]
Common Mistakes:
Sending password instead of authorization code
Expecting tokens without request
Confusing refresh token recipient