Access Token Type


Access Token Type provides the OAuth Client with the information required to successfully utilize the access_token to make a Protected Resource request (along with type-specific attributes).

The OAuth Client MUST NOT use an access token if it does not understand the Access Token Type.

Each Access Token Type definition specifies the additional attributes (if any) sent to the OAuth Client together with the "access_token" response parameter. It also defines the HTTP Authentication Method used to include the Access Token when making a protected resource request.

Defining Access Token Types#

Access Token Types can be defined in one of two ways:

registered in the Access Token Types Registry (following the procedures in RFC 6749 Section 11.1), or by using a unique absolute URI as its name.

Types utilizing a URI name SHOULD be limited to vendor-specific implementations that are not commonly applicable, and are specific to the implementation details of the resource server where they are used.

All other types MUST be registered. Type names MUST conform to the type-name ABNF. If the type definition includes a new HTTP authentication scheme, the type name SHOULD be identical to the HTTP authentication scheme name (as defined by RFC 2617). The Access Token Type "example" is reserved for use in examples.

More Information#

There might be more information for this subject on one of the following: