A step-by-step walkthrough of the OAuth 2.0 Authorization Code Flow using Keycloak as the Authorization Server. Covers the difference between OAuth 2.0 Authorization Code Grant Type and OpenID Connect Authorization Code Flow, explains the high-level architecture (Resource Owner, Client, Resource Server, Authorization Server), and demonstrates how to obtain an authorization code and exchange it for an access token via curl. Also shows how to simplify the two-step process using Postman's built-in OAuth 2.0 support, and explains how adding the 'openid' scope returns an id_token in addition to the access_token.

6 min read. From sivalabs.in
Table of contents
OAuth 2.0 High Level Architecture
Authentication using Authorization Code Flow
Authorization Code Flow using Postman
Getting ID Token
Summary
