<div dir="ltr">I guess you meant: "why do we need authorisation code and not go for access token right from start?"<div><div>What you're asking for is what is the difference between implicit grant and authorization grant. </div><div><br></div><div>See authorization code grant flow:</div><div><a href="http://tools.ietf.org/html/rfc6749#section-4.1">http://tools.ietf.org/html/rfc6749#section-4.1</a><br></div><div><br></div><div>See implicit grant:</div><div><a href="http://tools.ietf.org/html/rfc6749#section-4.2">http://tools.ietf.org/html/rfc6749#section-4.2</a><br></div><div><br></div><div>On natives app we work with authorization code grant because: natives app are capable of keeping a secret from end-user which is not the case for web-browser app ;)</div><div>- no trolling - </div><div><br></div><div>As you can see in the spec diagram the authorization code is provided by a user-agent (through external browser or webview), the code is temporary (10 min for facebook for ex.). whereas the access token comes from authz server directly. Tokens live longer (1 or 2 hours life time) and even more for refresh token (sometime with or without expiration).</div><div><br></div><div>As you pointed it: there are differences in implementation depending on providers. For ex, Facebook does not have refresh token but have the concep of short-lived long-lived token.</div><div><br></div><div>++</div><div>Corinne</div><div>PS: Always reply to mail-list so that others can follow the discussion. Your questions are interesting and may help others dev :)</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 17 March 2015 at 16:35, Денис Карпенко <span dir="ltr"><<a href="mailto:banddk1@gmail.com" target="_blank">banddk1@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Oh yes, I've forgotten about public, thank you )<div>OK, I hope my code will start to work soon )</div><div>I asked question in mailing list but nobody answered me (</div><div><span style="font-size:13px">Why do we get access code ? I can change response type on token, and vk sends token to application. Facebook doesn't send token without code, doesn't it?</span><br></div><div><span style="font-size:13px"><br></span></div><div><span style="font-size:13px">Denis.</span></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2015-03-17 18:07 GMT+03:00 Corinne Krych <span dir="ltr"><<a href="mailto:corinnekrych@gmail.com" target="_blank">corinnekrych@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">The reason is because <span>extractCode:</span><span>completionHandler: </span> defined in OAuth2Module is not public.<div>So far this method didn't need any override from current provider so it was internal.</div><div><br></div><div>Make it public and you'll be able to override it. Once you've got some working code we can discuss API.</div><div><br></div><div>++</div><span><font color="#888888"><div>Corinne</div></font></span></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On 17 March 2015 at 15:58, Денис Карпенко <span dir="ltr"><<a href="mailto:banddk1@gmail.com" target="_blank">banddk1@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">6.1.1</div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2015-03-17 16:37 GMT+03:00 Corinne Krych <span dir="ltr"><<a href="mailto:corinnekrych@gmail.com" target="_blank">corinnekrych@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Which xcode are you on?<br>
6.1.1? 6.2 or latest 6.3beta?<br>
<br>
++<br>
Corinne<br>
<span>> On 17 Mar 2015, at 14:10, Денис Карпенко <<a href="mailto:banddk1@gmail.com" target="_blank">banddk1@gmail.com</a>> wrote:<br>
><br>
> Hello!<br>
> Look at the screenshoot please ) Why doesn't Xcode see methods of OAuth2Module class ? I'm sure that OAuth2Module class has these methods)<br>
> I suppose, it is associated with Pods.<br>
</span>> <2015-03-17 04.00.09 pm.jpg><br>
><br>
> Denis.<br>
<br>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>