User Experience Considerations

4.4

In order for the authorization code grant to be effective, the authorization page must appear in a web browser the user is familiar with, and must not be embedded in an iframe popup or an embedded browser in a mobile app. As such, it is most useful for traditional “web apps” where the user is already in a web browser and redirecting to the server’s authorization page is not too jarring.