• #dev 2025-01-17
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2025-01-17 UTC
# 22:04
carrvo[d] The auth endpoint is likely only verifying an access code for authentication (no authorization). The token endpoint can return an access token that may either have claims embedded or can be traded for claims; that are then used for authorization. Also, the browser retrieves the access code whereas the client retrieves the access token (and relays it to the browser).