Overview#
Token_type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). The OAuth Client MUST NOT use an Access Token if it does not understand the Token_type.For example, the Bearer Token type defined in RFC 6750 is utilized by simply including the access token string in the request:[1]
GET /resource/1 HTTP/1.1
Host: example.com
Authorization: Bearer mF_9.B5f-4.1JqM
while the "mac" token type defined in OAuth-HTTP-MAC is utilized by issuing a Message Authentication Code (MAC) key together with the access token that is used to sign certain components of the HTTP requests:[1]
GET /resource/1 HTTP/1.1
Host: example.com
Authorization: MAC id="h480djs93hd8",
nonce="274312:dj83hs9s",
mac="kDZvddkndxvhGRXZhvuDjEWhGeE="
The above examples are provided for illustration purposes only.
Developers are advised to consult the RFC 6750 and OAuth-HTTP-MAC specifications before use.
Each Token_type definition specifies the additional attributes (if any) sent to the OAuth Client together with the "access_token" response parameter. It also defines the HTTP authentication method used to include the Access Token when making a protected resource request.
More Information#
There might be more information for this subject on one of the following:- Hybrid Flow
- OAuth 2.0 Token Exchange
- OAuth Parameters Registry
- OAuth Token Profile
- OAuth Token Response
- Response_type
- Uma-configuration
- Unsupported_token_type
- [#1] - The OAuth 2.0 Authorization Framework-section-7.1
- based on information obtained 2013-04-10
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!