/authorize
call to the callback on the redirect_uri (such as a user’s id). It must be verified in your callback to prevent CSRF attacks./authorize
, then verified on the returned access token. For more information see The OAuth 2.0 Authorization Framework Access Token Types.