7Mar
capture authorization code programmatically in OAuth 2.0
In a standard OAuth auth code Grant flow, user is redirected to authorization server page where he provides consent to allow the requesting app to perform some actions on his behalf, after which a browser redirects the user to a redirect URI with auth code. Application then exchanges this code with authorization server to get an Access token..
Consider a scenario where user has already given consent or consent is somehow implicit (i.e., user is not required to interact with the authorization server consent page).. in this case, is it acceptable to use an http client with redirection disabled as the user agent instead of browser and capture the Location
header of the redirection response from the authorization server ?