diff --git a/composer.json b/composer.json
index 99b7279423..b7eb47eaf5 100644
--- a/composer.json
+++ b/composer.json
@@ -15,6 +15,7 @@
         "ext-readline": "*",
         "ext-redis": "*",
         "galbar/jsonpath": "^1.3.1",
+        "spryker-eco/authorization-picking-app-backend-api": "^0.2.0",
         "spryker-eco/loggly": "^0.1.1",
         "spryker-feature/agent-assist": "dev-master as 202407.0",
         "spryker-feature/alternative-products": "^202404.0",
diff --git a/composer.lock b/composer.lock
index e8075f7541..2b0766c378 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "0d7be52aa6467082c5a7ad8e3be0ed82",
+    "content-hash": "d6f88ffb93028460f6c06647027bb146",
     "packages": [
         {
             "name": "async-aws/core",
@@ -5160,6 +5160,74 @@
             ],
             "time": "2024-03-30T18:03:49+00:00"
         },
+        {
+            "name": "spryker-eco/authorization-picking-app-backend-api",
+            "version": "0.2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/spryker-eco/authorization-picking-app-backend-api.git",
+                "reference": "df2e0642e80d3f72034d8022773a2906c644abc4"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/spryker-eco/authorization-picking-app-backend-api/zipball/df2e0642e80d3f72034d8022773a2906c644abc4",
+                "reference": "df2e0642e80d3f72034d8022773a2906c644abc4",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.0",
+                "psr/http-message": "^1.0.0",
+                "spryker/glue-application-extension": "^1.10.0",
+                "spryker/guzzle": "^2.0.0",
+                "spryker/kernel": "^3.52.0",
+                "spryker/oauth": "^2.7.0",
+                "spryker/oauth-code-flow": "^0.1.0",
+                "spryker/propel-orm": "^1.16.0",
+                "spryker/symfony": "^3.0.0",
+                "spryker/transfer": "^3.33.1",
+                "spryker/user": "^3.9.0",
+                "spryker/util-encoding": "^2.1.1"
+            },
+            "require-dev": {
+                "codeception/module-asserts": "^3.0.0",
+                "phpstan/phpstan": "1.8.10",
+                "phpunit/phpunit": "^9.0.0",
+                "spryker/application": "*",
+                "spryker/code-sniffer": "*",
+                "spryker/config": "*",
+                "spryker/error-handler": "*",
+                "spryker/glue-application": "^1.39.0",
+                "spryker/log": "*",
+                "spryker/monolog": "*",
+                "spryker/propel": "^3.35.1",
+                "spryker/queue": "*",
+                "spryker/testify": "^3.47.0"
+            },
+            "suggest": {
+                "spryker/glue-application": "If you want to use plugins with glue application."
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "SprykerEco\\": "src/SprykerEco/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "description": "AuthorizationPickingAppBackendApi module",
+            "support": {
+                "issues": "https://github.com/spryker-eco/authorization-picking-app-backend-api/issues",
+                "source": "https://github.com/spryker-eco/authorization-picking-app-backend-api/tree/0.2.0"
+            },
+            "time": "2023-05-23T06:57:37+00:00"
+        },
         {
             "name": "spryker-eco/loggly",
             "version": "0.1.1",
@@ -30251,6 +30319,53 @@
             },
             "time": "2022-04-26T12:27:56+00:00"
         },
+        {
+            "name": "spryker/oauth-code-flow",
+            "version": "0.1.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/spryker/oauth-code-flow.git",
+                "reference": "a81858f78f2553886397b3e786414d2f1e90da31"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/spryker/oauth-code-flow/zipball/a81858f78f2553886397b3e786414d2f1e90da31",
+                "reference": "a81858f78f2553886397b3e786414d2f1e90da31",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.0",
+                "psr/http-message": "^1.0.0",
+                "spryker/kernel": "^3.30.0",
+                "spryker/oauth": "^2.7.0",
+                "spryker/oauth-extension": "^1.7.0",
+                "spryker/transfer": "^3.25.0"
+            },
+            "require-dev": {
+                "spryker/code-sniffer": "*",
+                "spryker/testify": "*"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Spryker\\": "src/Spryker/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "proprietary"
+            ],
+            "description": "OauthCodeFlow module",
+            "support": {
+                "source": "https://github.com/spryker/oauth-code-flow/tree/0.1.1"
+            },
+            "time": "2023-10-23T12:53:08+00:00"
+        },
         {
             "name": "spryker/oauth-cryptography",
             "version": "1.0.1",
diff --git a/config/Shared/config_default.php b/config/Shared/config_default.php
index d430e09b54..4b0cd848ca 100644
--- a/config/Shared/config_default.php
+++ b/config/Shared/config_default.php
@@ -265,7 +265,27 @@
         getenv('SPRYKER_OAUTH_KEY_PUBLIC') ?: '',
     ) ?: null;
 $config[OauthConstants::ENCRYPTION_KEY] = getenv('SPRYKER_OAUTH_ENCRYPTION_KEY') ?: null;
-$config[OauthConstants::OAUTH_CLIENT_CONFIGURATION] = json_decode(getenv('SPRYKER_OAUTH_CLIENT_CONFIGURATION'), true) ?: [];
+$config[OauthConstants::OAUTH_CLIENT_CONFIGURATION] = array_merge(
+    json_decode(getenv('SPRYKER_OAUTH_CLIENT_CONFIGURATION'), true) ?: [],
+    [
+        [
+            'identifier' => 'fulfillment-client-b2c-local',
+            'secret' => null,
+            'isConfidential' => false,
+            'name' => 'Fulfillment b2c local',
+            'redirectUri' => 'http://localhost:4200/oauth/cb/spryker',
+            'isDefault' => false,
+        ],
+        [
+            'identifier' => 'fulfillment-client-b2c-dev',
+            'secret' => null,
+            'isConfidential' => false,
+            'name' => 'Fulfillment b2c dev',
+            'redirectUri' => 'https://dev-b2c-fulfillment.netlify.app/oauth/cb/spryker',
+            'isDefault' => false,
+        ],
+    ],
+);
 
 // >> ZED REQUEST
 
diff --git a/deploy.dev.yml b/deploy.dev.yml
index d1a8672ea1..7f389f6cae 100644
--- a/deploy.dev.yml
+++ b/deploy.dev.yml
@@ -109,6 +109,7 @@ groups:
                 endpoints:
                     glue-backend.eu.spryker.local:
                         region: EU
+                        cors-allow-origin: '*'
             backoffice_eu:
                 application: backoffice
                 endpoints:
@@ -157,6 +158,7 @@ groups:
                 endpoints:
                     glue-backend.us.spryker.local:
                         region: US
+                        cors-allow-origin: '*'
             backoffice_us:
                 application: backoffice
                 endpoints:
diff --git a/deploy.spryker-b2cintt.yml b/deploy.spryker-b2cintt.yml
new file mode 100644
index 0000000000..6a6f1a069c
--- /dev/null
+++ b/deploy.spryker-b2cintt.yml
@@ -0,0 +1,190 @@
+version: "0.1"
+
+namespace: spryker-cloud
+tag: '1.0'
+
+environment: docker.production
+image:
+    tag: spryker/php:8.1
+    environment:
+        SPRYKER_DEFAULT_STORE: "DE"
+        SPRYKER_ACTIVE_STORES: "DE,AT"
+        SPRYKER_HOOK_BEFORE_DEPLOY: "vendor/bin/install -r EU/pre-deploy -vvv "
+        SPRYKER_HOOK_AFTER_DEPLOY: "true"
+        SPRYKER_HOOK_INSTALL: "vendor/bin/install -r EU/production --no-ansi -vvv"
+        SPRYKER_HOOK_DESTRUCTIVE_INSTALL: "vendor/bin/install -r EU/destructive --no-ansi -vvv"
+        SPRYKER_PRODUCT_CONFIGURATOR_HOST: dtc.b2c.internal-testing.demo-spryker.com
+        SPRYKER_PRODUCT_CONFIGURATOR_PORT: 443
+        SPRYKER_YVES_HOST_DE: www.de.b2c.internal-testing.demo-spryker.com
+        SPRYKER_YVES_HOST_AT: www.at.b2c.internal-testing.demo-spryker.com
+        SPRYKER_PUSH_NOTIFICATION_WEB_PUSH_PHP_VAPID_PUBLIC_KEY: 'BGqNWbv0hWM5CQ1-KwAfSQBMC6TMVFyrnh3vQp37oGCNvQ6eG_HyMjxBFJRWeCPTbzDoxcjhxLJS8Ck8r1G2oFw'
+        SPRYKER_PUSH_NOTIFICATION_WEB_PUSH_PHP_VAPID_PRIVATE_KEY: 'UK6DywwjKITPpRHBSY9TLPIXm6BPrHX40sseIoXT9c8'
+        SPRYKER_PUSH_NOTIFICATION_WEB_PUSH_PHP_VAPID_SUBJECT: 'https://spryker.com'
+    node:
+        version: 18
+        npm: 9
+
+composer:
+    mode: --no-dev
+    autoload: --classmap-authoritative
+
+assets:
+    image: spryker/nginx-brotli:latest
+    mode: production
+    compression:
+        brotli:
+            static: on
+            level: 5
+
+regions:
+    EU:
+        services:
+            mail:
+                sender:
+                    name: Spryker No-Reply
+                    email: no-reply@b2c.internal-testing.demo-spryker.com
+            database:
+                database: spryker_b2cintt #Example: environment_staging
+                username: spryker
+                password: secret
+
+        stores:
+            DE:
+                services:
+                    broker:
+                        namespace: de_queue
+                    key_value_store:
+                        namespace: 1
+                    search:
+                        namespace: de_search
+                    session:
+                        namespace: 2
+            AT:
+                services:
+                    broker:
+                        namespace: at_queue
+                    key_value_store:
+                        namespace: 1
+                    search:
+                        namespace: at_search
+                    session:
+                        namespace: 2
+
+groups:
+    EU:
+        region: EU
+        applications:
+            yves:
+                application: yves
+                endpoints:
+                    dtc.b2c.internal-testing.demo-spryker.com:
+                        entry-point: Configurator
+                    www.de.b2c.internal-testing.demo-spryker.com:
+                        store: DE
+                    www.at.b2c.internal-testing.demo-spryker.com:
+                        store: AT
+
+            boffice:
+                application: backoffice
+                endpoints:
+                    backoffice.de.b2c.internal-testing.demo-spryker.com:
+                        store: DE
+                    backoffice.at.b2c.internal-testing.demo-spryker.com:
+                        store: AT
+            backgw:
+                application: backend-gateway
+                endpoints:
+                    backend-gateway.de.b2c.internal-testing.demo-spryker.com:
+                        store: DE
+                    backend-gateway.at.b2c.internal-testing.demo-spryker.com:
+                        store: AT
+            backapi:
+                application: zed
+                endpoints:
+                    backend-api.de.b2c.internal-testing.demo-spryker.com:
+                        store: DE
+                        entry-point: BackendApi
+                    backend-api.at.b2c.internal-testing.demo-spryker.com:
+                        store: AT
+                        entry-point: BackendApi
+            glue:
+                application: glue
+                endpoints:
+                    glue.de.b2c.internal-testing.demo-spryker.com:
+                        store: DE
+                    glue.at.b2c.internal-testing.demo-spryker.com:
+                        store: AT
+            gluestorefront:
+                application: glue-storefront
+                endpoints:
+                    glue-storefront.de.b2c.internal-testing.demo-spryker.com:
+                        store: DE
+                    glue-storefront.at.b2c.internal-testing.demo-spryker.com:
+                        store: AT
+            gluebackend:
+                application: glue-backend
+                endpoints:
+                    glue-backend.de.b2c.internal-testing.demo-spryker.com:
+                        store: DE
+                        cors-allow-origin: '*'
+                    glue-backend.at.b2c.internal-testing.demo-spryker.com:
+                        store: AT
+                        cors-allow-origin: '*'
+services:
+    database:
+        engine: mysql
+        version: mariadb-10.4
+        root:
+            username: "root"
+            password: "secret"
+        endpoints:
+            localhost:3306:
+                protocol: tcp
+    broker:
+        engine: rabbitmq
+        version: '3.9'
+        api:
+            username: "spryker"
+            password: "secret"
+        endpoints:
+            queue.b2c.internal-testing.demo-spryker.com:
+            localhost:5672:
+                protocol: tcp
+    session:
+        engine: redis
+    key_value_store:
+        engine: redis
+        endpoints:
+            localhost:16379:
+                protocol: tcp
+    search:
+        engine: elastic
+        version: '7.10'
+        endpoints:
+            localhost:9200:
+                protocol: tcp
+    scheduler:
+        engine: jenkins
+        endpoints:
+            scheduler.internal-testing.demo-spryker.com:
+    mail_catcher:
+        engine: mailhog
+        endpoints:
+            mail.internal-testing.demo-spryker.com:
+
+docker:
+
+    ssl:
+        enabled: true
+        redirect: true
+
+    debug:
+        enabled: false
+        xdebug:
+            enabled: false
+
+    testing:
+        store: DE
+
+    mount:
+        baked:
diff --git a/src/Orm/Zed/OauthCodeFlow/Persistence/SpyOauthCodeFlowAuthCode.php b/src/Orm/Zed/OauthCodeFlow/Persistence/SpyOauthCodeFlowAuthCode.php
new file mode 100644
index 0000000000..89ecc298ca
--- /dev/null
+++ b/src/Orm/Zed/OauthCodeFlow/Persistence/SpyOauthCodeFlowAuthCode.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace Orm\Zed\OauthCodeFlow\Persistence;
+
+use Spryker\Zed\OauthCodeFlow\Persistence\Propel\AbstractSpyOauthCodeFlowAuthCode as BaseSpyOauthCodeFlowAuthCode;
+
+/**
+ * Skeleton subclass for representing a row from the 'spy_oauth_code_flow_auth_code' table.
+ *
+ *
+ *
+ * You should add additional methods to this class to meet the
+ * application requirements.  This class will only be generated as
+ * long as it does not already exist in the output directory.
+ */
+class SpyOauthCodeFlowAuthCode extends BaseSpyOauthCodeFlowAuthCode
+{
+
+}
diff --git a/src/Orm/Zed/OauthCodeFlow/Persistence/SpyOauthCodeFlowAuthCodeQuery.php b/src/Orm/Zed/OauthCodeFlow/Persistence/SpyOauthCodeFlowAuthCodeQuery.php
new file mode 100644
index 0000000000..281f24427d
--- /dev/null
+++ b/src/Orm/Zed/OauthCodeFlow/Persistence/SpyOauthCodeFlowAuthCodeQuery.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace Orm\Zed\OauthCodeFlow\Persistence;
+
+use Spryker\Zed\OauthCodeFlow\Persistence\Propel\AbstractSpyOauthCodeFlowAuthCodeQuery as BaseSpyOauthCodeFlowAuthCodeQuery;
+
+/**
+ * Skeleton subclass for performing query and update operations on the 'spy_oauth_code_flow_auth_code' table.
+ *
+ *
+ *
+ * You should add additional methods to this class to meet the
+ * application requirements.  This class will only be generated as
+ * long as it does not already exist in the output directory.
+ */
+class SpyOauthCodeFlowAuthCodeQuery extends BaseSpyOauthCodeFlowAuthCodeQuery
+{
+
+}
diff --git a/src/Pyz/Glue/GlueBackendApiApplication/GlueBackendApiApplicationDependencyProvider.php b/src/Pyz/Glue/GlueBackendApiApplication/GlueBackendApiApplicationDependencyProvider.php
index f9a5c180f0..e5bdd7f6f2 100644
--- a/src/Pyz/Glue/GlueBackendApiApplication/GlueBackendApiApplicationDependencyProvider.php
+++ b/src/Pyz/Glue/GlueBackendApiApplication/GlueBackendApiApplicationDependencyProvider.php
@@ -37,6 +37,7 @@
 use Spryker\Glue\WarehouseOauthBackendApi\Plugin\GlueBackendApiApplication\WarehouseTokensBackendResourcePlugin;
 use Spryker\Glue\WarehouseUsersBackendApi\Plugin\GlueBackendApiApplication\WarehouseUserAssignmentsBackendResourcePlugin;
 use Spryker\Zed\Propel\Communication\Plugin\Application\PropelApplicationPlugin;
+use SprykerEco\Glue\AuthorizationPickingAppBackendApi\Plugin\GlueApplication\AuthorizeResource;
 
 class GlueBackendApiApplicationDependencyProvider extends SprykerGlueBackendApiApplicationDependencyProvider
 {
@@ -117,6 +118,7 @@ protected function getResourcePlugins(): array
             new PickingListsBackendResourcePlugin(),
             new PickingListStartPickingBackendResourcePlugin(),
             new PickingListItemsBackendResourcePlugin(),
+            new AuthorizeResource(),
             new WarehouseUserAssignmentsBackendResourcePlugin(),
         ];
 
diff --git a/src/Pyz/Zed/AuthorizationPickingAppBackendApi/AuthorizationPickingAppBackendApiConfig.php b/src/Pyz/Zed/AuthorizationPickingAppBackendApi/AuthorizationPickingAppBackendApiConfig.php
new file mode 100644
index 0000000000..7a1db0fd56
--- /dev/null
+++ b/src/Pyz/Zed/AuthorizationPickingAppBackendApi/AuthorizationPickingAppBackendApiConfig.php
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * This file is part of the Spryker Suite.
+ * For full license information, please view the LICENSE file that was distributed with this source code.
+ */
+
+namespace Pyz\Zed\AuthorizationPickingAppBackendApi;
+
+use SprykerEco\Zed\AuthorizationPickingAppBackendApi\AuthorizationPickingAppBackendApiConfig as SprykerEcoAuthorizationPickingAppBackendApiConfig;
+
+class AuthorizationPickingAppBackendApiConfig extends SprykerEcoAuthorizationPickingAppBackendApiConfig
+{
+    /**
+     * @return list<string>
+     */
+    public function getUserScopes(): array
+    {
+        return [
+            'warehouse-user',
+        ];
+    }
+}
diff --git a/src/Pyz/Zed/Oauth/OauthDependencyProvider.php b/src/Pyz/Zed/Oauth/OauthDependencyProvider.php
index 4799139f5a..8fc5d37e01 100644
--- a/src/Pyz/Zed/Oauth/OauthDependencyProvider.php
+++ b/src/Pyz/Zed/Oauth/OauthDependencyProvider.php
@@ -17,6 +17,8 @@
 use Spryker\Zed\OauthAgentConnector\Communication\Plugin\Oauth\AgentCredentialsOauthGrantTypeConfigurationProviderPlugin;
 use Spryker\Zed\OauthAgentConnector\Communication\Plugin\Oauth\AgentOauthScopeProviderPlugin;
 use Spryker\Zed\OauthAgentConnector\Communication\Plugin\Oauth\AgentOauthUserProviderPlugin;
+use Spryker\Zed\OauthCodeFlow\Communication\Plugin\Oauth\CustomerAuthCodeOauthRequestGrantTypeConfigurationProviderPlugin;
+use Spryker\Zed\OauthCodeFlow\Communication\Plugin\Oauth\UserAuthCodeOauthRequestGrantTypeConfigurationProviderPlugin;
 use Spryker\Zed\OauthCustomerConnector\Communication\Plugin\Oauth\CustomerImpersonationOauthGrantTypeConfigurationProviderPlugin;
 use Spryker\Zed\OauthCustomerConnector\Communication\Plugin\Oauth\CustomerImpersonationOauthScopeProviderPlugin;
 use Spryker\Zed\OauthCustomerConnector\Communication\Plugin\Oauth\CustomerImpersonationOauthUserProviderPlugin;
@@ -164,6 +166,8 @@ protected function getOauthRequestGrantTypeConfigurationProviderPlugins(): array
             new UserPasswordOauthRequestGrantTypeConfigurationProviderPlugin(),
             new CustomerPasswordOauthRequestGrantTypeConfigurationProviderPlugin(),
             new WarehouseOauthRequestGrantTypeConfigurationProviderPlugin(),
+            new UserAuthCodeOauthRequestGrantTypeConfigurationProviderPlugin(),
+            new CustomerAuthCodeOauthRequestGrantTypeConfigurationProviderPlugin(),
         ];
     }