Access Token


Access Token is a token that is involved in Access

OAuth 2.0 Access Token#

In OAuth 2.0, Access Token is a Token issued to the OAuth Client by the Authorization Server.

Access Token is used as a credential for the OAuth Client when attempting access to a Resource Server

The Resource Owner involved in authorization decision and grants Permissions (via OAuth Scopes).

The OAuth 2.0 Audience Information add an additional "audience" parameter to the Access Token

You maybe wondering Why Access Tokens?


Access Token in OAuth 2.0 the type is not specified other than that the Access Token is a Bearer Token.

Access Token is returned from an in an Authorization Response as:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

Access Token in OpenID Connect is specified as a JSON Web Tokens the type (typ) is specified in the Access Token

  "alg": "RS256",
  "typ": "JWT"
  "iss": "https://example.auth0.com/",
  "aud": "https://api.example.com/calandar/v1/",
  "sub": "usr_123",
  "scope": "read write",
  "iat": 1458785796,
  "exp": 1458872196

Access Token Validation describes how Validation SHOULD be performed.

OAuth Confidential Client, OAuth Public Client and access Token#

OAuth Confidential Client authenticate to the Token_endpoint. and not the Authorization_endpoint where as OAuth Public Clients obtain Access Token form the Authorization_endpoint.

OAuth Parameters Registry for Access Token#

MSFT Access Token#

MSFT Access Token is a Access Token used in Microsoft Windows

More Information#

There might be more information for this subject on one of the following: