The authorization code flow is available to Clientswhich allow interaction with a human user. The Clientapplication displays a window with a web browser which sends an HTTP GET to the Identity Provider. When the human user enters credentials that the Identity Providervalidates the Identity Providerreturns an authorization code which is passed to the Authorization Service. The Authorization Service validates the code and returns an Access Token to theClient.

The complete flow is described in RFC 5392, 4.1.

A requestTypeof “authorization_code” in the UserTokenPolicy(see 6.5.2) means the Authorization Servicesupports the authorization code flow.