authorization_code grant type support

[davidwen]

In the README, when describing the /token endpoint, authorization_code is listed as a supported grant type:

This is an OAuth2 endpoint that currently implements the password, refresh_token, and authorization_code grant types

From looking at the source (api/token.go), it doesn't seem like authorization_code is actually supported as a grant type.

Just curious which of the following is accurate:

• authorization_code will be supported in the future
• authorization_code was supported, but then dropped
• authorization_code never was planned to be supported and was mistakenly added to the README

Thanks!

[ryanhiebert]

I noticed that documentation as well, so I went looking to see how I could get one of those nifty authorization_codes, but didn't find anything about that. I would also appreciate knowing more about how that came to be in the docs.

[ryanhiebert]

Did a little git blame sleuthing and poking around. It seems like when that was added it was supported, after a sense, but it was never intended for what I'd have assumed from a /token endpoint. Instead, it was somehow for external OAuth providers to use. My best guess atm is that they were overloading the /token endpoint to also be the redirect URL for external OAuth. As you noticed, I don't see anything about that in the current version of that file.

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had activity in 1 year. It will be closed in 7 days if no further activity occurs. Thanks!

[github-actions[bot]]

This issue was closed because it had no activity for over 1 year.