2👍
✅
When using the authorization code flow, your web server/app receives an authentication code when the user authenticates. This particular flow involves one more step as you have already realised – exchanging the authorization code for an access token.
You’d need to to make a call like this to exchange the auth code for an access token,
POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded
code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
client_id=8819981768.apps.googleusercontent.com&
client_secret={client_secret}&
redirect_uri={your_redirect_uri}&
grant_type=authorization_code
Please note, in this particular flow it’s a two step authentication – authenticating the user and then the app that makes the calls on behalf of the user. Read this link if you need more info on this.
Source:stackexchange.com