Overview#Token_type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). The OAuth Client MUST NOT use an Access Token if it does not understand the Token_type.
GET /resource/1 HTTP/1.1 Host: example.com Authorization: Bearer mF_9.B5f-4.1JqMwhile the "mac" token type defined in OAuth-HTTP-MAC is utilized by issuing a Message Authentication Code (MAC) key together with the access token that is used to sign certain components of the HTTP requests:
GET /resource/1 HTTP/1.1 Host: example.com Authorization: MAC id="h480djs93hd8", nonce="274312:dj83hs9s", mac="kDZvddkndxvhGRXZhvuDjEWhGeE="The above examples are provided for illustration purposes only.
Each Token_type definition specifies the additional attributes (if any) sent to the OAuth Client together with the "access_token" response parameter. It also defines the HTTP authentication method used to include the Access Token when making a protected resource request.
More Information#There might be more information for this subject on one of the following:
- Hybrid Flow
- OAuth 2.0 Token Exchange
- OAuth Parameters Registry
- OAuth Token Profile
- OAuth Token Response