The OAuth 2.0 Authorization Framework: Bearer Token Usage, October 2012
- Canonical URL:
- File formats:
- PROPOSED STANDARD
- M. Jones
- oauth (sec)
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport. [STANDARDS-TRACK]
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.