Overview#

OAuth 2.0 Tokens are used in Grant Types where the Bearer of the OAuth 2.0 Tokens has associated Permissions. This requires that the OAuth 2.0 Tokens be handled securely. OAuth 2.0 Tokens are issued and managed by the Authorization Server:

• Access Token
• Refresh Token
• Authorization Code - Even though not called a Token in the specification, the Authorization Code maybe thought of as a OAuth 2.0 Tokens

OAuth 2.0 Tokens Attributes#

OAuth 2.0 Tokens have various Attributes that maybe associated with the OAuth 2.0 Tokens:

• OAuth Scopes
• User Defined Attributes - Generally, User Defined Attributes should not be used with OAuth 2.0 Tokens

More Information#

There might be more information for this subject on one of the following:

• OAuth 2.0
• OAuth 2.0 Tokens
• Security Token
• Token Binding over HTTP