Overview#
Token_type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). The OAuth Client MUST NOT use an Access Token if it does not understand the Token_type.

For example, the Bearer Token type defined in RFC 6750 is utilized by simply including the access token string in the request:[1]

    GET /resource/1 HTTP/1.1
    Host: example.com
    Authorization: Bearer mF_9.B5f-4.1JqM

while the "mac" token type defined in OAuth-HTTP-MAC is utilized by issuing a Message Authentication Code (MAC) key together with the access token that is used to sign certain components of the HTTP requests:[1]

    GET /resource/1 HTTP/1.1
    Host: example.com
    Authorization: MAC id="h480djs93hd8", nonce="274312:dj83hs9s", mac="kDZvddkndxvhGRXZhvuDjEWhGeE="

The above examples are provided for illustration purposes only. Developers are advised to consult the RFC 6750 and OAuth-HTTP-MAC specifications before use.
Each Token_type definition specifies the additional attributes (if any) sent to the OAuth Client together with the "access_token" response parameter. It also defines the HTTP authentication method used to include the Access Token when making a protected resource request.
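The following is an added example, not part of the original page or of any OAuth library: a minimal client-side check that refuses an access token whose token_type it does not implement. The function names and the handler table are hypothetical; only Bearer is implemented, and the token pattern follows the b64token syntax of RFC 6750 section 2.1.

```python
import json
import re

# b64token syntax from RFC 6750 section 2.1; rejects CR/LF and spaces,
# so a malformed token cannot inject extra header lines.
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


class UnsupportedTokenType(Exception):
    """Raised when the client does not understand the issued token_type."""


def _bearer_header(resp):
    token = resp["access_token"]
    if not isinstance(token, str) or not _B64TOKEN.fullmatch(token):
        raise ValueError("access_token is not a valid b64token")
    return "Bearer " + token


# Token types this (hypothetical) client implements, keyed in lower case
# because RFC 6749 defines the token_type value as case insensitive.
_HANDLERS = {"bearer": _bearer_header}


def authorization_header(token_response_json):
    """Return the Authorization header value, or refuse the token."""
    resp = json.loads(token_response_json)
    if not isinstance(resp, dict) or "access_token" not in resp:
        raise ValueError("token response has no access_token")
    token_type = resp.get("token_type")
    if not isinstance(token_type, str):
        raise UnsupportedTokenType("token_type missing")
    handler = _HANDLERS.get(token_type.lower())
    if handler is None:
        # MUST NOT use the token: no silent fallback to Bearer.
        raise UnsupportedTokenType(token_type)
    return handler(resp)


# Constructed sample responses (token value reused from the page's example).
BEARER = '{"access_token": "mF_9.B5f-4.1JqM", "token_type": "bearer", "expires_in": 3600}'
MAC = '{"access_token": "mF_9.B5f-4.1JqM", "token_type": "mac"}'

if __name__ == "__main__":
    print(authorization_header(BEARER))
    try:
        authorization_header(MAC)
    except UnsupportedTokenType as exc:
        print("refused token_type:", exc)
```

A client that does implement the "mac" type would register its own handler in the table; until then the token is rejected rather than sent as a Bearer credential.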
More Information#
There might be more information for this subject on one of the following:
- Hybrid Flow
- OAuth 2.0 Token Exchange
- OAuth Parameters Registry
- OAuth Token Profile
- OAuth Token Response
- Response_type
- Uma-configuration
- Unsupported_token_type
- [#1] - The OAuth 2.0 Authorization Framework-section-7.1
- based on information obtained 2013-04-10