OAuth2 Authorization Code Flow Demo
This interactive demo shows the complete OAuth2 authorization code flow. Follow the steps below to see how authorization codes are issued, exchanged for tokens, and used to access protected resources.
Step 1: Authorization Request
Start the OAuth2 flow by submitting an authorization request. This simulates a user logging in to grant permission to a client application.
Authorization Code Issued
Step 2: Token Exchange
Exchange the authorization code for access and ID tokens. This step validates the code and issues tokens that can be used to access protected resources.
Tokens Issued
JWT Format:
Header
Payload (Claims)
Custom Claims
Standard Claims
Step 3: UserInfo Request
Use the access token to retrieve user information from the protected UserInfo endpoint. The Bearer token format is used:
Bearer <access_token>
⚠️ This token has expired. Return to Step 2 to exchange for a new token, or continue to see how the API handles expired tokens.
User Information
Flow Timeline
1. Authorize
Request authorization code
2. Token Exchange
Get access & ID tokens
3. UserInfo
Access protected resource
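The three steps above as a minimal in-memory sketch, including the expired-token case from Step 3. This is an added example, not the demo's own code. The function names, the HS256 signing key, the code and token lifetimes, and the sample user are assumptions, and only the access token is modelled (no ID token).

```python
import base64, hashlib, hmac, json, secrets, time

KEY = secrets.token_bytes(32)   # assumed demo signing key, generated per run
CODES = {}                      # code -> (client_id, redirect_uri, user, expires_at)
USERS = {"alice": {"sub": "alice", "email": "alice@example.test"}}  # constructed sample user

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input):
    return _b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def authorize(client_id, redirect_uri, user, now=None):
    """Step 1: issue a short-lived code bound to the client and redirect URI."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(16)
    CODES[code] = (client_id, redirect_uri, user, now + 60)
    return code

def exchange(code, client_id, redirect_uri, now=None, ttl=300):
    """Step 2: redeem the code exactly once and issue an HS256 access token."""
    now = time.time() if now is None else now
    entry = CODES.pop(code, None)  # pop makes the code single-use, even on failure
    if entry is None:
        raise PermissionError("invalid_grant: unknown or already used code")
    bound_client, bound_uri, user, expires_at = entry
    if (bound_client, bound_uri) != (client_id, redirect_uri) or now > expires_at:
        raise PermissionError("invalid_grant: binding mismatch or expired code")
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": user, "iat": int(now), "exp": int(now + ttl)}).encode())
    return f"{header}.{payload}.{_sign(header + '.' + payload)}"

def userinfo(authorization, now=None):
    """Step 3: return (status, body) for an 'Authorization: Bearer <access_token>' value."""
    now = time.time() if now is None else now
    scheme, _, token = authorization.partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3:
        return 401, {"error": "invalid_request"}
    header, payload, signature = parts
    # Verify the signature (always as HS256) before trusting anything in the payload.
    if not hmac.compare_digest(signature.encode(), _sign(header + "." + payload).encode()):
        return 401, {"error": "invalid_token"}
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if now >= claims["exp"]:
        return 401, {"error": "invalid_token", "error_description": "token expired"}
    return 200, {"sub": claims["sub"], **USERS.get(claims["sub"], {})}
```

Passing `now` explicitly lets the expiry path be exercised without waiting for the token lifetime to elapse.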