Token_type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). The OAuth Client MUST NOT use an Access Token if it does not understand the Token_type.

For example, the Bearer Token type defined in RFC 6750 is utilized by simply including the access token string in the request:[1]

     GET /resource/1 HTTP/1.1
     Host: example.com
     Authorization: Bearer mF_9.B5f-4.1JqM
while the "mac" token type defined in OAuth-HTTP-MAC is utilized by issuing a Message Authentication Code (MAC) key together with the access token that is used to sign certain components of the HTTP requests:[1]
     GET /resource/1 HTTP/1.1
     Host: example.com
     Authorization: MAC id="h480djs93hd8",
The above examples are provided for illustration purposes only.

Developers are advised to consult the RFC 6750 and OAuth-HTTP-MAC specifications before use.

Each Token_type definition specifies the additional attributes (if any) sent to the OAuth Client together with the "access_token" response parameter. It also defines the HTTP authentication method used to include the Access Token when making a protected resource request.

More Information#

There might be more information for this subject on one of the following: