Basically In oauth2 protocol after authentication, we get the access_token from the token endpoint using the code we got after successfull authentication.
My Concern