In the three-legged OAuth2 process, after the authorization server presents a form to the resource owner to grant access, what is the next step?

In the three-legged OAuth2 process, after the authorization server presents a form to the resource owner to grant access, what is the next step?
A . The resource owner authenticates and optionally authorizes with the authorization server.
B. The user who owns the resource initiates a request to the OAuth client.
C. If the resource owner allows access, the authorization server sends the OAuth client a redirection.
D. A form to allow or restrict access is submitted by the owner of the resource.

View Answer

Answer: C

Explanation:

"If the resource owner grants access, the authorization server redirects the user’s browser back to the client using the redirection URI provided earlier (in the request or during client (registration). The redirection URI includes an authorization code and any local state provided by the client earlier" "Assuming the resource owner grants access, the authorization server redirects the user-agent back to the client using the redirection URI provided earlier (in the request or during client (registration). The redirection URI includes an authorization code and any local state provided by the client earlier."