Authorization Code Flow.
The OAuth 2.0 flow where the client receives an intermediate code via browser redirect, then exchanges the code for tokens at the authorization server's token endpoint.
OAuth 2.1 makes Authorization Code with PKCE the default for nearly all client types. The Implicit flow is removed; the Resource Owner Password Credentials flow is removed; Authorization Code with PKCE covers browser, mobile, and SPA clients with a single safe pattern.
Common questions
Is Authorization Code Flow the same as OAuth?
Do I need PKCE with Authorization Code?
What's the difference between Authorization Code and Implicit?