Overview#

In OAuth 2.0, an Access Token is a Long-lived Token issued to the OAuth Client by the Authorization Server.

The Access Token is used in the conversation between the OAuth Client and the Resource Server.

The Resource Owner is involved in the authorization decision.

The OAuth 2.0 Audience Information adds an additional "audience" parameter to the Access Token.

You may be wondering: Why Access Tokens?

Contents#

Access Token in OAuth 2.0: the type is not specified, other than that the Access Token is a Bearer Token. Usually it is a JWT, but this is not guaranteed.

Access Token in OpenID Connect: the type (typ) is specified in the Access Token:

{
  "alg": "RS256",
  "typ": "JWT"
}
.
{
  "iss": "https://example.auth0.com/",
  "aud": "https://api.example.com/calandar/v1/",
  "sub": "usr_123",
  "scope": "read write",
  "iat": 1458785796,
  "exp": 1458872196
}
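An added example (not part of the original page) of how a Resource Server might treat the point above: the Access Token may or may not be a JWT, and when it is, the iss, aud, exp and scope claims from the payload shown are checked. Function names are hypothetical, the sample tokens are constructed, and signature verification (required before any claim is trusted) is assumed to be done separately with a JOSE library.

```python
import base64, json, time

def b64url_decode(seg):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def parse_jwt(token):
    """Return (header, claims) if the token is structurally a JWT, else None (opaque)."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return None
    return header, claims

def check_claims(claims, issuer, audience, required_scope, now=None):
    """Claim checks applied AFTER signature verification (assumed done elsewhere)."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        return "wrong issuer"
    aud = claims.get("aud")  # aud may be a single string or a list of strings
    aud = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if audience not in aud:
        return "wrong audience"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return "expired"
    if required_scope not in str(claims.get("scope", "")).split():
        return "insufficient scope"
    return "ok"

# Constructed sample: the page's header and payload, with a placeholder signature.
ISSUER = "https://example.auth0.com/"
AUDIENCE = "https://api.example.com/calandar/v1/"
SAMPLE_JWT = ".".join([
    b64url_encode({"alg": "RS256", "typ": "JWT"}),
    b64url_encode({"iss": ISSUER, "aud": AUDIENCE, "sub": "usr_123",
                   "scope": "read write", "iat": 1458785796, "exp": 1458872196}),
    "placeholder-signature",
])
OPAQUE_TOKEN = "2YotnFZFEjr1zCsicMWpAA"  # constructed non-JWT bearer token
```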

OAuth Parameters Registry for Access Token#

This page (revision-17) was last changed on 18-Mar-2017 12:08 by jim