The Authorization Code Flow (defined in OAuth 2.0 RFC 6749, section 4.1) involves exchanging an authorization code for a token.
This flow is suitable for confidential applications (such as Regular Web Applications) as the application’s authentication methods are included in the exchange and must be kept secure
