I guess you meant: "why do we need authorisation code and not go for access token right from start?"
What you're asking is what the difference is between implicit grant and authorization grant.
See authorization code grant flow:
See implicit grant:
On native apps we work with authorization code grant because native apps are capable of keeping a secret from the end user, which is not the case for web-browser apps ;)
- no trolling -
As you can see in the spec diagram, the authorization code is provided by a user-agent (through an external browser or webview); the code is temporary (10 min for Facebook, for example), whereas the access token comes from the authz server directly. Tokens live longer (1 or 2 hours lifetime), and refresh tokens even longer (sometimes with or without expiration).
As you pointed out, there are differences in implementation depending on providers. For example, Facebook does not have refresh tokens but has the concept of short-lived and long-lived tokens.
++
Corinne
PS: Always reply to the mailing list so that others can follow the discussion. Your questions are interesting and may help other devs :)
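
The difference discussed in this message, sketched as an added example (not part of the original message or of any provider's code): a toy in-memory authorization server in which the code grant exposes only a short-lived, single-use code to the user-agent, while the implicit grant puts the access token itself in the redirect. The class and function names, client credentials and redirect URI are constructed for illustration; the lifetimes are the figures quoted above.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qsl

CODE_TTL = 600    # 10 minutes, the Facebook figure quoted in the message
TOKEN_TTL = 3600  # 1 hour, within the 1-2 hour range quoted in the message

class AuthzServer:
    """Toy authorization server (hypothetical, for illustration only)."""

    def __init__(self, client_id, client_secret, redirect_uri):
        self.client_id, self.secret, self.redirect_uri = client_id, client_secret, redirect_uri
        self.codes = {}  # authorization code -> expiry timestamp

    def authorize(self, response_type, now):
        """Front channel: returns the redirect URL handed to the user-agent."""
        if response_type == "code":
            code = secrets.token_urlsafe(16)
            self.codes[code] = now + CODE_TTL
            return self.redirect_uri + "?" + urlencode({"code": code})
        if response_type == "token":  # implicit grant: token rides in the fragment
            params = {"access_token": secrets.token_urlsafe(16), "expires_in": TOKEN_TTL}
            return self.redirect_uri + "#" + urlencode(params)
        raise ValueError("unsupported_response_type")

    def token(self, code, client_id, client_secret, redirect_uri, now):
        """Back channel: the client calls the server directly with its secret."""
        ok = (client_id == self.client_id and redirect_uri == self.redirect_uri
              and hmac.compare_digest(client_secret, self.secret))
        if not ok:
            raise PermissionError("invalid_client")
        expiry = self.codes.pop(code, None)  # pop makes the code single-use
        if expiry is None or now > expiry:
            raise PermissionError("invalid_grant")
        return {"access_token": secrets.token_urlsafe(16), "expires_in": TOKEN_TTL}

def front_channel_params(redirect_url):
    """Everything the browser or webview gets to see in the redirect."""
    u = urlparse(redirect_url)
    return dict(parse_qsl(u.query) + parse_qsl(u.fragment))

if __name__ == "__main__":
    srv = AuthzServer("app", "constructed-secret", "https://app.example/cb")
    seen = front_channel_params(srv.authorize("code", now=0))
    print("code grant, user-agent sees:", sorted(seen))
    print("back channel returns:", sorted(srv.token(
        seen["code"], "app", "constructed-secret", "https://app.example/cb", now=5)))
    print("implicit grant, user-agent sees:",
          sorted(front_channel_params(srv.authorize("token", now=0))))
```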