Developing Applications Using Cisco Core Platforms and APIs (DEVCOR) — Question 335

Which step is part of a three-legged OAuth2 authorization code grant flow?

Answer options

• A. Use authorization codes to access protected resources when approved.
• B. Exchange tokens for authorization codes by using the authentication server.
• C. A user initiates a request to the OAuth client by using a predefined token.
• D. The OAuth client redirects to the authorization server by using a username and password.

Correct answer: B

Explanation

The correct answer, B, describes the process of exchanging authorization codes for tokens, which is a fundamental step in the OAuth2 flow. Option A incorrectly suggests that authorization codes are used directly to access resources, while C misrepresents the initiation of the flow and D incorrectly implies that the OAuth client uses username and password for redirection, which is not part of the three-legged flow.