OAuth tokens

Authorization grant

  • Created by an OAuth server.

    • Upon authenticating a resource owner and getting its consent to grant access to a protected resource.

    • An opaque byte blob that makes sense only to its issuer.

  • Short validity time.

    • Just enough to get an access token.

Access token

  • Created by an OAuth server.


  • Bearer tokens.

    • Clients need to protect their use with HTTPS.

    • Clients can hand over tokens to others.

Refresh token

  • Created by an OAuth server.

    • When creating an access token.

    • An opaque byte blob that makes sense only to its issuer.

    • It can be used to collect a new access token.

      • Still requires client authentication.

  • Bearer tokens.

    • Clients need to protect their use with HTTPS.

    • Clients can hand over tokens to others.
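The token lifecycle outlined above, as an added toy model that is not part of the original notes: an authorization server hands out opaque, short-lived, single-use grants, exchanges them for a bearer access token plus a refresh token, and demands client authentication again on every refresh. Client registry, TTL values and the decision to rotate refresh tokens on use are this example's assumptions, not something the outline states.

```python
import secrets

def opaque_token():
    # Random, opaque value: meaningful only via the issuing server's own tables
    return secrets.token_urlsafe(32)

class AuthServer:
    GRANT_TTL = 60        # a grant lives just long enough to be exchanged (assumed)
    ACCESS_TTL = 3600     # access token lifetime in seconds (assumed)

    def __init__(self, clients):
        self.clients = clients        # client_id -> client_secret (constructed registry)
        self.grants, self.access, self.refresh = {}, {}, {}

    def _check_client(self, client_id, client_secret):
        expected = self.clients.get(client_id, "")
        if not expected or not secrets.compare_digest(expected, client_secret):
            raise PermissionError("invalid_client")

    def issue_grant(self, owner, client_id, now):
        # Issued only after the resource owner authenticated and consented
        code = opaque_token()
        self.grants[code] = (owner, client_id, now + self.GRANT_TTL)
        return code

    def exchange_grant(self, code, client_id, client_secret, now):
        self._check_client(client_id, client_secret)
        owner, bound, expires = self.grants.pop(code, (None, None, 0))  # single use
        if owner is None or bound != client_id or now > expires:
            raise PermissionError("invalid_grant")
        return self._issue_pair(owner, client_id, now)

    def refresh_access(self, refresh_token, client_id, client_secret, now):
        self._check_client(client_id, client_secret)      # still required on refresh
        owner, bound = self.refresh.pop(refresh_token, (None, None))  # rotate on use
        if owner is None or bound != client_id:
            raise PermissionError("invalid_grant")
        return self._issue_pair(owner, client_id, now)

    def _issue_pair(self, owner, client_id, now):
        at, rt = opaque_token(), opaque_token()
        self.access[at] = (owner, now + self.ACCESS_TTL)
        self.refresh[rt] = (owner, client_id)
        return {"access_token": at, "token_type": "Bearer", "refresh_token": rt}

    def resource_owner(self, access_token, now):
        # Bearer semantics: whoever presents a valid, unexpired token is served
        owner, expires = self.access.get(access_token, (None, 0))
        return owner if now <= expires else None
```

Because `resource_owner` checks nothing but the token itself, any party the client hands the access token to is served as the resource owner, which is why the transport must be HTTPS.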
