Hi all,

I am working to develop a proxy to bring in external profile data. the data vendor uses 3 legged oauth. The user will need to authenticate with the data vendor to authorize apigee to access the user data. The question I have is that when the app redirects the user to the data vendor for authentication and the data vendor returns the request token, should the UI (for the user) receives the request token and pass the token to apigee to exchange for access token? or should the UI uses the request token to exchange for access token and gives the access token to apigee? What is the "typical" flow?