
BilalTariq01

Laravel Passport Authorization Code Grant on Backend System

I am trying to think of the best way to implement the oauth authorization code grant in my API codebase.

I can't use the standard routes Passport generates because I have no frontend, so I can't create sessions or anything to store user data/codes etc...

Instead I was planning to use the following workflow:

1. User redirects to frontend (separate codebase) {frontend}/oauth/authorize endpoint, passing through the required URL params (client_id, redirect_uri).
2. Once this page is hit, a request is made to my backend system; this checks to make sure the client_id and redirect_uri match a record in the database. A success response is returned if a record exists.
3. On the frontend, because the backend response was a success, they can now enter their username and password; a request is made to my backend system again to check these details are correct.
4. If everything is correct, the backend returns an auth code in the response data.
5. If the login response was successful, the frontend redirects the user back to the callback URL with the code URL param.
6. External app then makes a request to {backend}/oauth/token, which checks the code and, if it's a success, returns an access_token, refresh_token and expires_in.

My question is: does this flow look correct for an app with separate frontend/backend codebases? Just to clarify, my frontend codebase is using the Laravel password grant, which is working fine, so this question is only for integrating external systems via OAuth.

I was also wondering: when the backend generates the auth code, where should this be stored so that it can be checked again when the /oauth/token request is made?

0 likes
0 replies
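
On the storage question asked above, an added example (not part of the original post and not Passport's own code) of keeping the authorization code server-side: stored as a hash, short-lived, single-use, and bound to the client_id and redirect_uri it was issued for. The class name `AuthCodeStore`, the 60-second lifetime, the in-memory array standing in for a database table or cache, and all sample values are assumptions.

```php
<?php
// Added example: AuthCodeStore is a hypothetical name; the array stands in
// for a database table or cache shared by the login and token endpoints.
final class AuthCodeStore
{
    private array $rows = []; // sha256(code) => record

    public function __construct(private int $ttlSeconds = 60) {}

    // Called after the credential check succeeds; returns the code to redirect with.
    public function issue(int $userId, string $clientId, string $redirectUri, ?int $now = null): string
    {
        $code = bin2hex(random_bytes(32)); // unguessable, from the CSPRNG
        $this->rows[hash('sha256', $code)] = [ // store only a hash of the code
            'user_id'      => $userId,
            'client_id'    => $clientId,
            'redirect_uri' => $redirectUri,
            'expires_at'   => ($now ?? time()) + $this->ttlSeconds,
        ];
        return $code;
    }

    // Called by the token endpoint; returns the user id, or null if the code is rejected.
    public function redeem(string $code, string $clientId, string $redirectUri, ?int $now = null): ?int
    {
        $key = hash('sha256', $code);
        $row = $this->rows[$key] ?? null;
        unset($this->rows[$key]); // single use: gone after the first attempt
        if ($row === null || ($now ?? time()) > $row['expires_at']) {
            return null;
        }
        // The code is only valid for the client and redirect_uri it was issued to.
        if (!hash_equals($row['client_id'], $clientId)
            || !hash_equals($row['redirect_uri'], $redirectUri)) {
            return null;
        }
        return $row['user_id'];
    }
}

// Constructed sample values; $now is passed explicitly to make expiry visible.
$store = new AuthCodeStore(60);
$a = $store->issue(42, 'client-abc', 'https://app.example/callback', 1000);
var_dump($store->redeem($a, 'client-abc', 'https://app.example/callback', 1010)); // first use
var_dump($store->redeem($a, 'client-abc', 'https://app.example/callback', 1011)); // replay
$b = $store->issue(42, 'client-abc', 'https://app.example/callback', 1000);
var_dump($store->redeem($b, 'client-abc', 'https://other.example/cb', 1010)); // redirect_uri mismatch
$c = $store->issue(42, 'client-abc', 'https://app.example/callback', 1000);
var_dump($store->redeem($c, 'client-abc', 'https://app.example/callback', 1061)); // past expiry
```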
