Why does the authorization code mode of Oauth2 have to obtain code? first?

Why does the authenticator mode in oauth2 have to go to the resource server to obtain a code before obtaining the token, and then use the code of the resource server to apply for token? from the resource server

after reading a lot of materials, it is said that the resource server will jump to a callback url, specified by us after the user confirms the authorization. If token is returned directly, anyone can see the token in the browser, then there is no security at all.

but I have a puzzle
that is why the resource server has to jump to the callback url given by the third-party site. If my url is an interface resource server, it can directly call back my interface without jumping through the browser. Then my server can directly token to my server, and then my server will decide how to jump after storing the token.
isn"t this simpler than authorization mode and safer than implicit mode


excuse me, how does the server call back your interface?


for security and callback

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e45f5f-4c280.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e45f5f-4c280.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?