When your application passes a request with an access_token, the resource server will need to validate it. For more on this, see Validate Access Tokens.
The following web application examples show you the authorization code flow, as it would be implemented by a web app that needs to authenticate the end user and then create a local session for that user. These projects use popular web frameworks to handle the heavy lifting. Each project can be cloned and ran locally.
| Framework | Example Repository | |
|---|---|---|
| ASP.NET Core | https://github.com/oktadeveloper/okta-aspnetcore-mvc-example | |
| Express.js | https://github.com/okta/samples-nodejs-express-4 | |
| Spring | https://github.com/okta/samples-java-spring-mvc |