An authorization code is a intermediate credential used in a authorization code flow to retrieve a access token.
It's a shared secret that does not long live because it's passed back via the query parameters and therefore will be leaked (written) in a Web Log of the HTTP request.
https://example.com/redirection/path?code=AUTHORIZATION_CODE&state=xxxxx
where:
Example of value
code=4/0AX4XfWhcZSdBvBXanPSGA5VYYjz0_gwFtRLB2csaJ4K_ym6BS4QBTBq4hysO4oKyp0AinA
The authorization code provides a few important security benefits, such as: