B-fy highly recommends this flow because it is the most advanced flow in OpenID Connect. It is also the most flexible, as it allows both mobile and web clients to obtain tokens securely.
The OpenID Connect Authorization Code Flow, in abstract, goes through the following steps:
- The Client prepares an Authentication Request containing the desired request parameters.
- The Client sends the request to the Authorization Server.
- The Authorization Server Authenticates the End-User.
- The Authorization Server obtains End-User Consent/Authorization.
- The Authorization Server sends the End-User back to the Client with an Authorization Code.
- The Client requests a response using the Authorization Code at the Token Endpoint.
- The Client receives a response that contains an ID Token and Access Token in the response body.
- The Client validates the ID token and retrieves the End-User's Subject Identifier.
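The flow above as an added example, not code from the B-fy documentation: a single-process Python simulation in which the Client and the Authorization Server are plain functions, with numbered comments following the bulleted steps in order. The issuer, client id, redirect URI and HS256 key are constructed assumptions; a production Client would verify an RS256/ES256 signature against the provider's published JWKS instead.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed simulation of the OpenID Connect Authorization Code Flow; issuer, client id, redirect URI and key are assumptions.
ISSUER, CLIENT_ID, REDIRECT_URI = "https://op.example", "demo-client", "https://rp.example/cb"
KEY = b"constructed-hs256-key"  # HS256 keeps this self-contained; real OPs sign with RS256/ES256 and publish a JWKS
ISSUED_CODES = {}  # Authorization Server state: one-time code -> (client_id, redirect_uri, nonce, sub)

def b64url(data: bytes) -> str: return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(s: str) -> bytes: return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def query(url: str) -> dict: return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
# Client, steps 1-2: state ties the callback to this browser session, nonce ties the ID Token to it.
def build_auth_request(session: dict) -> str:
    session["state"], session["nonce"] = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    return ISSUER + "/authorize?" + urlencode({"response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": "openid", "state": session["state"], "nonce": session["nonce"]})
# Authorization Server, steps 3-5: End-User authenticated and consent obtained; redirect back with a code.
def op_authorize(auth_url: str, authenticated_sub: str) -> str:
    q = query(auth_url)
    if q["response_type"] != "code" or q["client_id"] != CLIENT_ID or q["redirect_uri"] != REDIRECT_URI:
        raise ValueError("invalid_request")  # redirect_uri must match the registered value exactly
    code = secrets.token_urlsafe(16)
    ISSUED_CODES[code] = (q["client_id"], q["redirect_uri"], q["nonce"], authenticated_sub)
    return REDIRECT_URI + "?" + urlencode({"code": code, "state": q["state"]})
# Authorization Server, steps 6-7: the code is single-use and bound to the client and redirect_uri it was issued for.
def op_token(code: str, client_id: str, redirect_uri: str) -> dict:
    entry = ISSUED_CODES.pop(code, None)
    if entry is None or entry[:2] != (client_id, redirect_uri):
        raise ValueError("invalid_grant")
    now = int(time.time())
    claims = {"iss": ISSUER, "sub": entry[3], "aud": client_id, "iat": now, "exp": now + 300, "nonce": entry[2]}
    signing_input = b64url(b'{"alg":"HS256"}') + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()
    return {"id_token": f"{signing_input}.{b64url(sig)}", "access_token": secrets.token_urlsafe(16), "token_type": "Bearer"}
# Client, steps 6-8: check state, redeem the code, validate the ID Token, return the Subject Identifier.
def handle_callback(session: dict, redirect_url: str) -> str:
    q = query(redirect_url)
    if not hmac.compare_digest(q.get("state", ""), session["state"]):
        raise ValueError("state mismatch")  # callback not tied to this session: CSRF or injected code
    header, body, sig = op_token(q["code"], CLIENT_ID, REDIRECT_URI)["id_token"].split(".")
    expected = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()  # use the expected alg, never the header's
    if not hmac.compare_digest(b64url_decode(sig), expected):
        raise ValueError("bad signature")
    c = json.loads(b64url_decode(body))
    if c["iss"] != ISSUER or c["aud"] != CLIENT_ID or c["exp"] <= time.time() or c["nonce"] != session["nonce"]:
        raise ValueError("id_token claims rejected")
    return c["sub"]

def run_flow(sub: str = "user-123") -> str:
    session = {}  # the Client's per-browser-session storage
    return handle_callback(session, op_authorize(build_auth_request(session), sub))
```

`run_flow()` walks all eight steps and returns the validated Subject Identifier; a replayed code or a callback carrying another session's state is rejected with `ValueError`.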
OpenID spec reference: https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth