3.1 OAuthAuthorizationCodeLookup Client Details

The "client role" of the protocol corresponds to the AD FS server that needs to retrieve an access token, corresponding to an OAuth authorization code presented to it by the OAuth client, from the AD FS server that originally issued the authorization code. In the client role of this protocol, an AD FS server looks up the authorization code presented to it by an OAuth client and determines which AD FS server in its farm originally issued that authorization code. Thereafter, using the ADFSOAL Protocol, the AD FS server in the client role issues an HTTP GET request to the AD FS server in the "server role" of the ADFSOAL Protocol in order to look up the OAuth authorization code. If the request is successful, the AD FS server implementing the server role returns the corresponding access token in the HTTP GET response.