I guess you meant: "why do we need authorisation code and not go for access token right from start?"

What you're asking for is what is the difference between implicit grant and authorization grant.

See authorization code grant flow:

http://tools.ietf.org/html/rfc6749#section-4.1

See implicit grant:

http://tools.ietf.org/html/rfc6749#section-4.2

On natives app we work with authorization code grant because: natives app are capable of keeping a secret from end-user which is not the case for web-browser app ;)

- no trolling -

As you can see in the spec diagram the authorization code is provided by a user-agent (through external browser or webview), the code is temporary (10 min for facebook for ex.). whereas the access token comes from authz server directly. Tokens live longer (1 or 2 hours life time) and even more for refresh token (sometime with or without expiration).

As you pointed it: there are differences in implementation depending on providers. For ex, Facebook does not have refresh token but have the concep of short-lived long-lived token.

Corinne

PS: Always reply to mail-list so that others can follow the discussion. Your questions are interesting and may help others dev :)

On 17 March 2015 at 16:35, Денис Карпенко <banddk1@gmail.com> wrote:

Oh yes, I've forgotten about public, thank you )
OK, I hope my code will start to work soon )
I asked question in mailing list but nobody answered me (
Why do we get access code ? I can change response type on token, and vk sends token to application. Facebook doesn't send token without code, doesn't it?

Denis.

2015-03-17 18:07 GMT+03:00 Corinne Krych <corinnekrych@gmail.com>:
The reason is because extractCode:completionHandler: defined in OAuth2Module is not public.
So far this method didn't need any override from current provider so it was internal.

Make it public and you'll be able to override it. Once you've got some working code we can discuss API.

++
Corinne

On 17 March 2015 at 15:58, Денис Карпенко <banddk1@gmail.com> wrote:
6.1.1

2015-03-17 16:37 GMT+03:00 Corinne Krych <corinnekrych@gmail.com>:
Which xcode are you on?
6.1.1? 6.2 or latest 6.3beta?

++
Corinne
> On 17 Mar 2015, at 14:10, Денис Карпенко <banddk1@gmail.com> wrote:
>
> Hello!
> Look at the screenshoot please ) Why doesn't Xcode see methods of OAuth2Module class ? I'm sure that OAuth2Module class has these methods)
> I suppose, it is associated with Pods.
> <2015-03-17 04.00.09 pm.jpg>
>
> Denis.