wouldn't it better to align with RFC6749 and use code?
also, would probably better to point to https://www.rfc-editor.org/rfc/rfc6749.html#section-1.3.1 as to the definition of authorization code returned from the authorization challenge endpoint, because right now it does not seem to be explicitly well-defined and you probably don't want to duplicate the existing text.
wouldn't it better to align with RFC6749 and use
code
?also, would probably better to point to https://www.rfc-editor.org/rfc/rfc6749.html#section-1.3.1 as to the definition of authorization code returned from the authorization challenge endpoint, because right now it does not seem to be explicitly well-defined and you probably don't want to duplicate the existing text.