In OAuth 2.0, an Access Token is a Long-lived Token issued to the OAuth Client by the Authorization Server.

The Access Token is used in the conversation between the OAuth Client and the Resource Server.

The Resource Owner is involved in the authorization decision.

The OAuth 2.0 Audience Information adds an additional "audience" parameter to the Access Token.

You may be wondering: Why Access Tokens?


In OAuth 2.0, the type of the Access Token is not specified, other than that the Access Token is a Bearer Token. Usually it is a JWT, but that is not guaranteed.

In OpenID Connect, the type (typ) is specified in the Access Token:

  {
    "alg": "RS256",
    "typ": "JWT"
  }
  {
    "iss": "https://example.auth0.com/",
    "aud": "https://api.example.com/calandar/v1/",
    "sub": "usr_123",
    "scope": "read write",
    "iat": 1458785796,
    "exp": 1458872196
  }
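
A Resource Server that receives a token carrying the claims above has to check them before honoring the request. The following is an added example, not code from this page or from any OAuth library; the name `check_access_token`, its parameters and the 30-second leeway are assumptions, and the RS256 signature is assumed to have been verified already by a JWT library.

```python
import time

ALLOWED_ALGS = {"RS256"}  # allow-list; "none" or an unexpected alg is rejected


def check_access_token(header, claims, expected_iss, expected_aud,
                       required_scope, now=None, leeway=30):
    """Return the reasons to reject the token; an empty list means accept.

    Assumption: the signature was already verified with the Authorization
    Server's public key. Only the header and claims are checked here.
    """
    now = time.time() if now is None else now
    problems = []

    if header.get("alg") not in ALLOWED_ALGS:
        problems.append("alg not allowed")
    if claims.get("iss") != expected_iss:
        problems.append("unexpected issuer")

    # RFC 7519: "aud" may be a single string or an array of strings.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if expected_aud not in audiences:
        problems.append("token not issued for this resource server")

    # "exp" and "iat" are NumericDate values (seconds since the epoch).
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp + leeway:
        problems.append("expired or missing exp")
    iat = claims.get("iat")
    if isinstance(iat, (int, float)) and iat > now + leeway:
        problems.append("issued in the future")

    # "scope" is space-delimited; compare whole values, never substrings.
    scope = claims.get("scope", "")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    if required_scope not in granted:
        problems.append("missing scope " + required_scope)
    return problems


# Header and claims copied from the example token on this page.
HEADER = {"alg": "RS256", "typ": "JWT"}
CLAIMS = {"iss": "https://example.auth0.com/",
          "aud": "https://api.example.com/calandar/v1/",
          "sub": "usr_123", "scope": "read write",
          "iat": 1458785796, "exp": 1458872196}
```

Because the token is a Bearer Token, the audience check is what stops a token issued for one Resource Server from being accepted by another.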

OAuth Confidential Client, OAuth Public Client and Access Token

OAuth Confidential Clients authenticate to the Token_endpoint, and not the Authorization_endpoint, whereas OAuth Public Clients obtain the Access Token from the Authorization_endpoint.

OAuth Parameters Registry for Access Token

