su_yaSSH
 · Force Exists 💡

Why are tokens exchanged twice between the app and the Fyers server for authentication?

  1. Auth Code that we get from Fyers Auth Server after validating our identity

  2. Again sending Auth Code to Fyers and generating Access Token

Why did Fyers not go with the implementation of a single token exchange?
After sending the AppID, AppSecret and CallbackURL, why can the auth code that we get not be used directly for creating connections/requests between our custom app and Fyers?

I understand this is the standard OAuth2 login flow, but what extra security is achieved, and how, by two redundant trips of exchanging secrets (once for getting the auth code and then for the access token)?

FYERS / Tech enthusiasts, please mention your thoughts to help me understand.

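The two legs the question describes, as an added sketch of the generic OAuth2 authorization code flow; it is not part of the original post and not FYERS's API. The class, method names, app ID, secret and callback URL are all constructed, and the sketch assumes the app secret is presented only in the exchange step.

```python
import hashlib, hmac, secrets, time
from urllib.parse import urlparse, parse_qs

class ToyAuthServer:
    """Constructed stand-in for an OAuth2 authorization server (not the FYERS API)."""

    def __init__(self, app_id, app_secret, callback_url):
        self.app_id, self.callback_url = app_id, callback_url
        self._secret_hash = hashlib.sha256(app_secret.encode()).digest()
        self._codes = {}  # auth code -> (user, expiry); one-time, short-lived

    def authorize(self, app_id, callback_url, user):
        # Leg 1, front channel: the result travels through the user's browser
        # in a redirect URL, so it can end up in history, logs or Referer headers.
        if (app_id, callback_url) != (self.app_id, self.callback_url):
            raise PermissionError("unknown app or callback mismatch")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (user, time.monotonic() + 60)
        return f"{callback_url}?auth_code={code}"

    def exchange(self, app_id, app_secret, code):
        # Leg 2, back channel: direct server-to-server call that proves
        # possession of the app secret, which never passes through the browser.
        presented = hashlib.sha256(app_secret.encode()).digest()
        if app_id != self.app_id or not hmac.compare_digest(presented, self._secret_hash):
            raise PermissionError("client authentication failed")
        user, expiry = self._codes.pop(code, (None, 0.0))  # single use
        if user is None or time.monotonic() > expiry:
            raise PermissionError("auth code invalid, already used or expired")
        return secrets.token_urlsafe(32)  # the access token

def attempt(server, app_id, app_secret, code):
    """Return True if the exchange yields an access token, False if rejected."""
    try:
        return bool(server.exchange(app_id, app_secret, code))
    except PermissionError:
        return False

def demo():
    srv = ToyAuthServer("APP-123", "constructed-secret", "https://app.example/callback")
    redirect = srv.authorize("APP-123", "https://app.example/callback", "alice")
    code = parse_qs(urlparse(redirect).query)["auth_code"][0]
    return {
        "leaked_code_without_secret": attempt(srv, "APP-123", "wrong-guess", code),
        "app_backend_with_secret": attempt(srv, "APP-123", "constructed-secret", code),
        "same_code_replayed": attempt(srv, "APP-123", "constructed-secret", code),
    }

if __name__ == "__main__":
    print(demo())
```

The auth code is the only value exposed on the browser-visible redirect, and on its own it grants nothing: the access token is issued only on the back channel, once, to a caller that also holds the app secret.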