Authority
  • Introduction
  • In Action
  • Performance at Scale
  • Roadmap / Features
  • Getting Started
    • Introduction
    • Installation
    • Configuration Overview
  • Authentication
    • Authentication Guide
    • API Documentation
    • Customizing Authentication
  • Security & Error Handling
    • Security Considerations
    • Error Handling & Troubleshooting
  • Providers
    • Client Providers
    • Owner Providers
  • API Endpoints
    • API Endpoints
  • DEVELOPMENT
    • Requirements
    • Database
    • User Interface
    • Specs
    • Deployment
      • Environment Variables
  • Reference
    • OAuth Terms
    • OAuth 2 Grant Flows
      • Device Flow
      • Authorization Flow
      • Client Credentials Flow
      • Refreshing Access Tokens
      • Access Token Response
      • Json Web Tokens
      • Legacy: Implicit grant
      • Legacy: Password
    • Open ID Connect
      • Configuration
      • Registering Clients
      • User Info
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Reference
  2. OAuth 2 Grant Flows

Access Token Response

PreviousRefreshing Access TokensNextJson Web Tokens

Last updated 3 years ago

Was this helpful?

Successful Response

If the request for an access token is valid, the authorization server needs to generate an access token (and optional refresh token) and return these to the client, typically along with some additional properties about the authorization.

For example, a successful token response may look like the following:

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
 
{
  "access_token":"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3",
  "token_type":"bearer",
  "expires_in":3600,
  "refresh_token":"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk",
  "scope":"create"
}

Access Tokens

The format for OAuth 2.0 Bearer tokens is actually described in a separate spec, . There is no defined structure for the token required by the spec, so you can generate a string and implement tokens however you want. The valid characters in a bearer token are alphanumeric, and the following punctuation characters:

-._~+/

RFC 6750