Why Access Tokens


When working with OAuth 2.0 protocols, you might wonder: why Access Tokens?

When resources are protected with OAuth 2.0, users can use their credentials with an OAuth 2.0-compliant Identity Provider (IDP), such as OpenAM, Facebook, Google and others, to access the resources, rather than setting up yet another account with a third-party application.

Access Tokens are the credentials used to access Protected Resources. An Access Token is just a string that represents the authorization to access Protected Resources given by the Authorization Server. An Access Token, like cash, is a bearer Token, which means that anyone who has the Access Token can use it to get the Protected Resources.

Access tokens therefore must be protected, so requests involving them must go over HTTPS.

One of the key advantages of Access Tokens over passwords or many other credentials is that Access Tokens can be granted and revoked without exposing the user's credentials.
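The properties described above (opaque bearer string, HTTPS-only transport, per-token revocation) shown together in an added example. It is not part of the original page or any IDP's API; the class and function names, the in-memory store and the status codes chosen are assumptions of this example.

```python
import hashlib
import secrets
import time


class AuthorizationServer:
    """Toy in-memory issuer (hypothetical; not OpenAM's or any IDP's API)."""

    def __init__(self):
        self._grants = {}  # sha256(token) -> grant; the raw token is never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, client, scope, ttl=3600):
        # The password was checked by the IDP before this point and is not part
        # of the token: the client only ever receives this opaque random string.
        token = secrets.token_urlsafe(32)
        self._grants[self._digest(token)] = {
            "user": user, "client": client, "scope": set(scope),
            "expires": time.time() + ttl,
        }
        return token

    def revoke(self, token):
        # Invalidates this one grant; the user's password and other tokens stay valid.
        return self._grants.pop(self._digest(token), None) is not None

    def introspect(self, token):
        grant = self._grants.get(self._digest(token))
        if grant is None or grant["expires"] <= time.time():
            return None
        return grant


def authorize_request(server, scheme, headers, required_scope):
    """Resource-server check: returns (HTTP status, user or None)."""
    if scheme != "https":
        return 400, None  # bearer tokens must not travel over plain HTTP
    kind, _, token = headers.get("Authorization", "").partition(" ")
    if kind.lower() != "bearer" or not token:
        return 401, None
    grant = server.introspect(token)
    if grant is None:
        return 401, None  # unknown, expired or revoked
    if required_scope not in grant["scope"]:
        return 403, None
    return 200, grant["user"]
```

Because the check depends only on possession of the string, a leaked token works for whoever holds it until it expires or is revoked, which is why the store keeps a digest rather than the token itself.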
