There are two calls; one to the authorize endpoint returning a code and one to the token endpoint sending the code back.
So this is the authorization code grant flow; not implicit. It uses PKCE - a flow that is only available with the authorization code grant.
Distraction-free reading. No ads.
Organize your knowledge with lists and highlights.
Tell your story. Find your audience.
Read member-only stories
Support writers you read most
Earn money for your writing
Listen to audio narrations
Read offline with the Medium app
NZ Microsoft Identity dude and MVP. Entra ID/Entra External ID/Azure AD B2C/VC. StackOverflow: https://bit.ly/2XU4yvJ Presentations: http://bit.ly/334ZPt5
