An application uses OAuth to get access to several API resources on behalf of an end user. What are two valid parameters to send to the authorization server as part of the first step of an authorization code grant flow? (Choose two.)
A. URI to which the authorization server will send the user-agent back when access is granted or denied
B. list of the API resources that the application is requesting to access
C. secret that was generated by the authorization server when the application registered as an OAuth integration
D. list of scopes that correspond to the API resources to which the application is requesting to access
E. name of the application under which the application registered as an OAuth integration
