An application has initiated an OAuth authorization code grant flow to get access to an API resource on behalf of an end user.
Which two parameters are specified in the HTTP request coming back to the application as the end user grants access? (Choose two.)
A. access token and a refresh token with respective expiration times to access the API resource
B. access token and expiration time to access the API resource
C. redirect URI a panel that shows the list of permissions to grant
D. code that can be exchanged for an access token
E. state can be used for correlation and security checks
