Authorization Code Flow

Used in: End user to Resource API via the consuming application (Ends user to application)

Flow Type: Three Legged OAuth

Authorization Code Flow (Third Party Token Endpoint Behind API Management)

Used in: End user to Resource API via the consuming application (Ends user to application)

Flow Type: Three Legged OAuth

note

Protecting third party OAuth2.0 token endpoint behind API Management. Sample reference for demonstration. You need to consult your security team, if above proposal fits your security requirements accurately.