OAuth tutorial - OAuth Access Token Response
What is an access token?
- An access token is a type of token that is assigned by the authorization server. The authorization server issues the access token if the access token request is valid and authorized.
- If the access token request is invalid or unauthorized, the authorization server returns an error response.
Learn OAuth 2.0 - OAuth 2.0 tutorial - process of access token response in oauth - OAuth 2.0 examples - OAuth 2.0 programs
Access Token Response:
- The access token is given by the authorization server when it accepts the client ID, client password and authorization code sent by the client application.
- Once the token has been received, it can be sent to resource servers such as Facebook, Google, etc. to access the resources in the system related to the logged-in user.
- The access token response contains the following JSON structure.
Access Token Property:
The response with an access token should contain the following properties:
- access_token (required): The access token string as issued by the authorization server.
- token_type (required): The type of token this is, typically just the string "bearer".
- expires_in (recommended): If the access token expires, the server should reply with the duration of time the access token is granted for.
- refresh_token (optional): If the access token will expire, then it is useful to return a refresh token which applications can use to obtain another access token. However, tokens issued with the implicit grant cannot be issued a refresh token.
- scope (optional): If the scope the user granted is identical to the scope the app requested, this parameter is optional. If the granted scope is different from the requested scope, such as if the user modified the scope, then this parameter is required.
If the request for an access token is valid, the authorization server needs to generate an access token (and optional refresh token) and return these to the client, typically along with some additional properties about the authorization.
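The property rules above, seen from the client side, as an added example that is not part of the original tutorial: a Python check that a token response carries the required properties, turns expires_in into an absolute expiry, and detects a granted scope narrower than the requested one. The function name, the returned field names and the sample body are assumptions made for illustration; the case-insensitive token_type comparison and the seconds unit for expires_in follow RFC 6749.

```python
import json
import time

# Constructed sample response body (not a real token).
SAMPLE = ('{"access_token": "EXAMPLE-ACCESS", "token_type": "Bearer", '
          '"expires_in": 3600, "refresh_token": "EXAMPLE-REFRESH", "scope": "profile"}')

class TokenResponseError(ValueError):
    """The token response breaks one of the property rules."""

def parse_token_response(body, requested_scope, now=None):
    """Validate a token response body; return normalized fields or raise."""
    now = time.time() if now is None else now
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        raise TokenResponseError("body is not valid JSON") from exc
    if not isinstance(data, dict):
        raise TokenResponseError("body is not a JSON object")
    # Required properties must be non-empty strings.
    for name in ("access_token", "token_type"):
        if not isinstance(data.get(name), str) or not data[name]:
            raise TokenResponseError(f"missing or invalid {name}")
    # RFC 6749 treats token_type as case-insensitive; only bearer is handled here.
    if data["token_type"].lower() != "bearer":
        raise TokenResponseError("unsupported token_type")
    # expires_in is only recommended: None means the lifetime is unknown.
    expires_at = None
    if "expires_in" in data:
        ttl = data["expires_in"]  # lifetime in seconds (RFC 6749)
        if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
            raise TokenResponseError("expires_in must be a positive integer")
        expires_at = now + ttl
    # Absent scope means the grant equals the request; otherwise the response wins.
    requested = set(requested_scope.split())
    granted = requested
    if "scope" in data:
        if not isinstance(data["scope"], str):
            raise TokenResponseError("scope must be a string")
        granted = set(data["scope"].split())
    return {
        "access_token": data["access_token"],
        "expires_at": expires_at,
        "refresh_token": data.get("refresh_token"),
        "granted_scope": granted,
        "not_granted": requested - granted,  # features the app must disable
    }

if __name__ == "__main__":
    print(parse_token_response(SAMPLE, "profile email"))
```

Rejecting a malformed response before the token is stored keeps a missing token_type or a silently reduced scope from surfacing later as an unexplained authorization failure.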