A successful response will be a redirect to the path contained in the redirect_uri query parameter, with the following query parameters added:
|code||The authorization code. Clients may expect this code to be approximately forty (40) characters long.|
|state||If the request included a state parameter, this will contain that same value. (If no state value was included, this parameter will not be appended to the redirect.)|
The authorization code will expire after ten (10) minutes. The OAuth 2.0 specification stipulates that it may be used no more than once, and that if a subsequent attempt is made to use the code, then the request should be denied and all access tokens associated with it should be revoked.