OAuth 2.0
ISSUING AN ACCESS TOKEN
Successful Response
• The authorization server validates the authentication process and issues an
access token and, optionally, a refresh token by returning a response with the
following parameters:
  • access_token (REQUIRED)
  • token_type (REQUIRED): Bearer, MAC, … [case insensitive]
  • expires_in (RECOMMENDED): the lifetime in seconds
  • refresh_token (OPTIONAL)
  • scope (OPTIONAL)
Successful Response - continued
• The parameters are included in the body of the HTTP response using the
“application/json” media type.
• The parameters are serialized into JSON by adding each parameter at the
highest structure level.
  • Parameter names and string values are represented as JSON strings
  • Numerical values are represented as JSON numbers
  • The order of parameters does not matter
• The Authorization Server must include the HTTP “Cache-Control” response
header field with the value “no-store” in any response containing tokens,
credentials, or any other sensitive information
• The Authorization Server must also include the “Pragma” response header
field with a value of “no-cache”
Successful Response - continued
Example:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "token_type":"example",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
  "example_parameter":"example_value"
}
Successful Response - continued
• The client must ignore unknown values / parameters in the response.
• The client should avoid making assumptions about the value sizes
Error Response
• The Authorization Server responds with an HTTP 400 (Bad Request) status code
and includes the following parameters:
  • error (REQUIRED): a single ASCII error code from the following:
    invalid_request, unauthorized_client, access_denied,
    unsupported_response_type, invalid_scope, server_error, temporarily_unavailable
  • error_description (OPTIONAL): human-readable ASCII error message with
    additional information
  • error_uri (OPTIONAL): URI of an error web page
Error Response - continued
• The parameters are included in the HTTP response using the “application/json”
media type

Example:

HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "error":"invalid_request"
}
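
The response rules from these slides, applied on the client side, as an added example that is not part of the original deck: it checks the required headers and parameters of a success or error response and drops unknown parameters. The function names and the second sample input are assumptions made for illustration; the error-code list is copied from the slide.

```python
import json

# Error codes exactly as the slide lists them.
ERROR_CODES = {"invalid_request", "unauthorized_client", "access_denied", "invalid_scope",
               "unsupported_response_type", "server_error", "temporarily_unavailable"}
TOKEN_PARAMS = ("access_token", "token_type", "expires_in", "refresh_token", "scope")
ERROR_PARAMS = ("error", "error_description", "error_uri")

def split_http(raw):
    """Split raw response text into (status, lower-cased header dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    first, *rest = head.split("\n")
    headers = {}
    for line in rest:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(first.split()[1]), headers, body

def check_token_response(raw):
    """Return (kind, known_params, problems); a hypothetical helper, not a library API."""
    status, headers, body = split_http(raw)
    problems = []
    if headers.get("content-type", "").split(";")[0].strip().lower() != "application/json":
        problems.append("Content-Type is not application/json")
    directives = [d.strip().lower() for d in headers.get("cache-control", "").split(",")]
    if "no-store" not in directives:
        problems.append("Cache-Control lacks no-store")
    if headers.get("pragma", "").lower() != "no-cache":
        problems.append("Pragma is not no-cache")
    try:
        params = json.loads(body)
    except ValueError:
        params = None
    if status not in (200, 400) or not isinstance(params, dict):
        return "invalid", {}, problems + ["unexpected status or non-object body"]
    if status == 400:
        kind, wanted = "error", ERROR_PARAMS
        if not isinstance(params.get("error"), str) or params["error"] not in ERROR_CODES:
            problems.append("error is missing or not a listed code")
    else:
        kind, wanted = "token", TOKEN_PARAMS
        for name in ("access_token", "token_type"):  # the two REQUIRED parameters
            if not isinstance(params.get(name), str) or not params[name]:
                problems.append(name + " is missing or not a string")
        exp = params.get("expires_in")
        if exp is not None and (isinstance(exp, bool) or not isinstance(exp, (int, float))):
            problems.append("expires_in is not a JSON number")
    # Unknown parameters are ignored: only the known names are returned.
    known = {k: params[k] for k in wanted if k in params}
    if isinstance(known.get("token_type"), str):
        known["token_type"] = known["token_type"].lower()  # value is case insensitive
    return kind, known, problems

# Sample inputs: SLIDE_OK is the slide's own example, CONSTRUCTED_BAD is constructed.
SLIDE_OK = ("HTTP/1.1 200 OK\nContent-Type: application/json;charset=UTF-8\n"
            "Cache-Control: no-store\nPragma: no-cache\n\n"
            '{"access_token":"2YotnFZFEjr1zCsicMWpAA","token_type":"example",'
            '"expires_in":3600,"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",'
            '"example_parameter":"example_value"}')
CONSTRUCTED_BAD = ("HTTP/1.1 200 OK\nContent-Type: application/json\n\n"
                   '{"access_token":"constructed-token","token_type":"BEARER",'
                   '"expires_in":"3600"}')
```

Running `check_token_response(CONSTRUCTED_BAD)` reports the missing cache headers and the string-typed `expires_in`, which is the kind of response a client or a test suite should flag before storing the token.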
