Imagine now that the GoodApp application is no longer a simple HTML/JavaScript web application, but is now a full 3-tier client-server-database application. This client application is now able to securely store confidential information thanks to the server and database layer, and so is a perfect candidate for the authorization code grant workflow.
Remember that a trusted client is able to securely store confidential information, such as client credentials. So, during the registration process (which we will discuss in Chapter 3, Four Easy Steps), trusted clients will be issued credentials to store. Here is what that exchange looks like with a registered, trusted client using the authorization code grant flow, once again, picking up after GoodApp directs you to Facebook for user consent:
Here are the steps performed in the preceding flow chart, picking up from...