Should you store the OAuth 2.0 authorization code

Time: 2018-01-15 17:47:27

Tags: oauth-2.0

Is there any reason to store the OAuth 2.0 authorization code after you have obtained the token?

1 answer:

Answer 0: (score: 2)

No, the authorization code can be used only once anyway. See https://tools.ietf.org/html/rfc6749#section-10.5:

Authorization codes MUST be short lived and single-use. If the
authorization server observes multiple attempts to exchange an
authorization code for an access token, the authorization server
SHOULD attempt to revoke all access tokens already granted based on
the compromised authorization code.
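
The single-use rule quoted above is enforced on the authorization server, not by anything the client keeps. The sketch below is an added example, not part of the original answer and not any particular server's code: the class name, method names and the 60-second lifetime are assumptions. It shows a code being redeemed once, and a second redemption attempt revoking the token issued from it.

```python
import secrets
import time

# Assumed lifetime for this sketch; RFC 6749 section 4.1.2 recommends at most 10 minutes.
CODE_TTL_SECONDS = 60


class AuthorizationServer:
    """Hypothetical in-memory model of authorization code handling (RFC 6749 section 10.5)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._codes = {}            # code -> record; used codes are kept to detect replay
        self._active_tokens = set()

    def issue_code(self, client_id):
        code = secrets.token_urlsafe(32)
        self._codes[code] = {
            "client_id": client_id,
            "expires": self._clock() + CODE_TTL_SECONDS,
            "used": False,
            "tokens": [],
        }
        return code

    def exchange(self, code, client_id):
        """Return an access token, or None if the code is unknown, expired or replayed."""
        rec = self._codes.get(code)
        if rec is None or rec["client_id"] != client_id:
            return None
        if rec["used"]:
            # Second exchange attempt: treat the code as compromised and
            # revoke every token that was granted from it.
            for token in rec["tokens"]:
                self._active_tokens.discard(token)
            rec["tokens"].clear()
            return None
        if self._clock() > rec["expires"]:
            del self._codes[code]   # short-lived: an expired code is simply dropped
            return None
        rec["used"] = True
        token = secrets.token_urlsafe(32)
        rec["tokens"].append(token)
        self._active_tokens.add(token)
        return token

    def is_token_active(self, token):
        return token in self._active_tokens
```

A client that stored the code and presented it again would get nothing back and, on a server behaving this way, would lose the token it already holds.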