Access Token

March 30, 2024 | seedling, permanent

Access Token in OAuth2

What It Is

Purpose

  • Acts as a credential that allows the client to access the user’s resources (such as the user profile, data, etc.) on their behalf, without exposing the user’s credentials.

Characteristics

  • Typically a string, often a JWT (JSON Web Token), representing the authorization granted to the client.
  • Usually has a limited lifetime, after which it expires and can no longer be used.

Security

  • Enhances security by providing a temporary, limited-scope access mechanism, reducing the risk of long-term credential exposure.

Usage in OAuth 2.0 Flow

  • The client requests access to resources from the resource server.
  • The server requires a valid access token in the request to permit access.
  • The token represents the user’s consent for the specific scope, duration, and other access attributes.
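
A resource-server check matching the flow above, as an added example (not code from the original page). It assumes an HS256-signed JWT access token carrying an `exp` claim and a space-delimited `scope` claim; `SECRET`, `mint` and `authorize` are hypothetical names, and `mint` only stands in for the authorization server to produce a constructed token.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HS256 key shared with the issuer

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def mint(claims: dict) -> str:
    """Stand-in for the authorization server: issue a constructed HS256 JWT."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(f'{head}.{body}'))}"

def authorize(auth_header: str, required_scope: str, now=None):
    """Resource-server check: returns (HTTP status, reason)."""
    now = time.time() if now is None else now
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        return 401, "missing or malformed bearer token"
    head, body, sig = token.split(".")
    try:
        header = json.loads(_b64d(head))
        # Pin the algorithm: the token's own "alg" must never choose the verifier.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return 401, "unsupported algorithm"
        # Constant-time comparison; claims are parsed only after this passes.
        if not hmac.compare_digest(_sign(f"{head}.{body}"), _b64d(sig)):
            return 401, "bad signature"
        claims = json.loads(_b64d(body))
        if not isinstance(claims, dict):
            raise ValueError("claims must be a JSON object")
    except ValueError:
        return 401, "undecodable token"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return 401, "token expired"      # limited lifetime is enforced here
    if required_scope not in str(claims.get("scope", "")).split():
        return 403, "insufficient scope"  # valid token, but consent does not cover this
    return 200, "ok"

if __name__ == "__main__":
    demo = mint({"sub": "alice", "scope": "profile:read", "exp": time.time() + 300})
    print(authorize(f"Bearer {demo}", "profile:read"))
```

The 401 versus 403 split is the part worth keeping: an invalid or expired token is an authentication failure, while a valid token that lacks the requested scope is an authorization failure.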

Refresh Token

  • Optionally paired with a refresh token for obtaining a new access token when the original expires, enabling long-lived access without re-authentication.
