To further enhance the security of the YaaS ecosystem, the Authorization Code Grant flow is implemented. Use the Authorization Code Grant flow in scenarios where you cannot trust the client application, and you cannot allow the client application to store the client ID and client secret.
Learn more about the Authorization Code Grant flow:
- Read the OAuth2 specification.
- See the Authorization Code Grant flow diagram in the Overview of the OAuth2 service documentation.
- Learn how to request an authorization code and exchange it for an access token in the Grants section of the OAuth2 service documentation.