Overview#
OAuth 2.0 Tokens are used in Grant Types where the Bearer of the OAuth 2.0 Tokens has associated Permissions. This requires that the OAuth 2.0 Tokens be handled securely. OAuth 2.0 Tokens are issued and managed by the Authorization Server:- Access Token
- Refresh Token
- Authorization Code - Even though not called a Token in the specification, the Authorization Code maybe thought of as a OAuth 2.0 Tokens
OAuth 2.0 Tokens Attributes#
OAuth 2.0 Tokens have various Attributes that maybe associated with the OAuth 2.0 Tokens:- OAuth Scopes
- User Defined Attributes - Generally, User Defined Attributes should not be used with OAuth 2.0 Tokens