!!! Overview
[{$pagename}] is a [token] that is involved in [Access].
!! [OAuth 2.0] [{$pagename}]
In [OAuth 2.0], [{$pagename}] is a [Token] issued to the [OAuth Client] by the [Authorization Server].
[{$pagename}] is used as a [credential] for the [OAuth Client] when attempting [access] to a [Resource Server].
The [Resource Owner] is involved in the [authorization] decision and grants [Permissions] (via [OAuth Scopes]).
* [{$pagename}] has an [Expiration Date]; it is usually time-limited, but the time may be large.
* [{$pagename}] [MAY] be revoked by [Resource Owner] actions
* [{$pagename}] contains [Authorized|Authorizations] via [OAuth Scopes]
* In [OAuth 2.0] the [Access Token Type] of the [{$pagename}] __MAY NOT__ be specified, and then it is a [Bearer Token].
The [OAuth 2.0 Audience Information] adds an additional "audience" parameter to the [{$pagename}].
You may be wondering [Why Access Tokens]?
!! Contents
In [OAuth 2.0] the type of the [{$pagename}] is not specified, other than that the [{$pagename}] is a [Bearer Token].
[{$pagename}] is returned in an [Authorization Response] as:
{{{
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"mF_9.B5f-4.1JqM",
  "token_type":"Bearer",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
}
}}}
In [OpenID Connect] the [{$pagename}] is specified as a [JSON Web Token|JSON Web Tokens], and the type ([typ]) is specified in the [{$pagename}]:
%%prettify
{{{
{
"alg": "RS256",
"typ": "JWT"
}
.
{
"iss": "https://example.auth0.com/",
"aud": "https://api.example.com/calandar/v1/",
"sub": "usr_123",
"scope": "read write",
"iat": 1458785796,
"exp": 1458872196
}
}}} /%
[Access Token Validation] describes how [Validation] SHOULD be performed.
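One way a [Resource Server] could check the claims of the JWT-format token shown above, as an added example that is not part of the original page or of any project's code. The names check_claims, make_sample and PAGE_CLAIMS are hypothetical, the sample token is constructed, and the RS256 signature is assumed to have been verified beforehand by a JOSE library.

```python
import base64, json, time

def b64url_json(segment: str):
    """Decode one base64url JWT segment (padding restored) into JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_claims(token, issuer, audience, required_scope, now=None, leeway=30):
    """Return a list of claim problems; an empty list means the claims pass.

    Assumption: the RS256 signature has ALREADY been verified by a JOSE
    library against the issuer's key. This check never replaces that step.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header or payload is not a JSON object"]
    problems = []
    if header.get("alg") != "RS256":      # pin the expected algorithm
        problems.append("unexpected alg")
    if claims.get("iss") != issuer:       # exact string comparison
        problems.append("wrong iss")
    aud = claims.get("aud")               # aud may be a string or a list
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("wrong aud")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        problems.append("expired or missing exp")
    if required_scope not in str(claims.get("scope", "")).split():
        problems.append("missing scope")
    return problems

def make_sample(claims: dict) -> str:
    """Build a constructed token; the third part is a placeholder, not a signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

# Claims copied from the payload shown on this page.
PAGE_CLAIMS = {"iss": "https://example.auth0.com/", "aud": "https://api.example.com/calandar/v1/",
               "sub": "usr_123", "scope": "read write", "iat": 1458785796, "exp": 1458872196}
```
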
!! [OAuth Confidential Client], [OAuth Public Client] and [access Token]
[OAuth Confidential Clients|OAuth Confidential Client] [authenticate] to the [Token_endpoint] and not the [Authorization_endpoint], whereas [OAuth Public Clients] obtain the [{$pagename}] from the [Authorization_endpoint].
!! [OAuth Parameters Registry] for [{$pagename}]
* access_token - [OAuth Parameters Registry]
* urn:ietf:params:oauth:token-type:access_token - [Internet Draft] [OAuth 2.0 Token Exchange]
!! [MSFT Access Token]
[MSFT Access Token] is a [{$pagename}] used in [Microsoft Windows].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]