authorization code

RU: authorization code

A short-lived, single-use code returned by the authorization server to the client's redirect URI after the resource owner grants consent (RFC 6749 §4.1). The client exchanges it for tokens via a back-channel request to the token endpoint, so the tokens are never exposed to the browser.