The client needs to use the provided authorization_code to get a valid token
Authorization Code:
Token:
Refresh Token:
If the client has a valid access token, it can access protected resources
Success?
If the client has a valid refresh token, it can send it to get a new token
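
The three steps above, as an added example that is not code from this page: a toy in-memory authorization server showing the code exchange, the protected-resource check, and the refresh. The class, method and client names are hypothetical; single-use codes follow RFC 6749, while refresh-token rotation and the short token lifetime are assumptions, and client authentication is left out.

```python
import secrets
import time

class AuthServer:
    """Toy in-memory authorization server (constructed for this example)."""
    def __init__(self, token_ttl=60.0):
        self.codes, self.tokens, self.refresh = {}, {}, {}
        self.token_ttl = token_ttl

    def issue_code(self, client_id):
        code = secrets.token_urlsafe(16)
        self.codes[code] = client_id          # code is bound to one client
        return code

    def _issue_tokens(self, client_id):
        access, refresh = secrets.token_urlsafe(24), secrets.token_urlsafe(24)
        self.tokens[access] = (client_id, time.monotonic() + self.token_ttl)
        self.refresh[refresh] = client_id
        return {"access_token": access, "refresh_token": refresh}

    def exchange_code(self, client_id, code):
        # pop() makes the code single-use: a replayed code is rejected.
        if self.codes.pop(code, None) != client_id:
            raise PermissionError("invalid_grant")
        return self._issue_tokens(client_id)

    def refresh_token(self, client_id, refresh):
        # Rotation (assumed here): the presented refresh token is consumed.
        if self.refresh.pop(refresh, None) != client_id:
            raise PermissionError("invalid_grant")
        return self._issue_tokens(client_id)

    def protected_resource(self, access):
        entry = self.tokens.get(access)
        if entry is None or time.monotonic() >= entry[1]:
            return 401, "invalid_token"       # unknown or expired token
        return 200, f"hello {entry[0]}"

def run_flow():
    """Code -> token -> resource -> expiry -> refresh -> resource."""
    server = AuthServer(token_ttl=0.2)        # short lifetime to show expiry
    code = server.issue_code("demo-client")   # constructed client id
    tokens = server.exchange_code("demo-client", code)
    first = server.protected_resource(tokens["access_token"])
    time.sleep(0.3)                           # let the access token expire
    expired = server.protected_resource(tokens["access_token"])
    renewed = server.refresh_token("demo-client", tokens["refresh_token"])
    second = server.protected_resource(renewed["access_token"])
    return first, expired, second
```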