Olympus Documentation What is Olympus Architecture Repo Map License Glossary

Athena API Authentication Athena API Errors Athena API Pagination Athena Settings API SDK Settings API

Environment variables

OAuth2 grant types Authorization Code Authorization Code + PKCE Client Credentials Refresh Token Implicit Resource Owner Password Credentials

ReferenceGrants

Authorization Code

User redirects to Hydra → authenticates via Hera/Kratos → returns to app with one-time code → app exchanges code for tokens.

Authorization Code

Spec: RFC 6749 §4.1

Supported in Olympus: Yes

When to use

Server-side web apps that can keep a secret.

How it works

User redirects to Hydra → authenticates via Hera/Kratos → returns to app with one-time code → app exchanges code for tokens.

Integration guide

See /docs/integrate/oauth2/oauth2-authorization-code for full setup.

Related

Integrate, OAuth2 overview
Security, PKCE enforcement

OAuth2 grant types

Every OAuth2 grant type, supported and unsupported

Authorization Code + PKCE

Same as Authorization Code, but with a per-flow `code_verifier` ↔ `code_challenge` pair to prevent code interception.

On this page

Authorization Code When to use How it works Integration guide Related