IETF RFC 6750 - OAuth 2.0 Bearer Token Usage

From IDESG Wiki

Title: The OAuth 2.0 Authorization Framework: Bearer Token Usage (Request for Comments: 6750) (ISSN: 2070-1721)

Category: Authentication protocol specification

Date: October 2012

Creator: Internet Engineering Task Force (IETF)


Description: This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport.





  • "Bearer Token" - A security token with the property that any party in possession of the token (a "bearer") can use the token in any way that any other party in possession of it can. Using a bearer token does not require a bearer to prove possession of cryptographic key material (proof-of-possession).
  • All other terms are as defined in "The OAuth 2.0 Authorization Framework" [RFC6749].