OAuth2 & OpenID Connect Deep Dive · Lesson

Access Tokens, Refresh Tokens & Scopes

Understand the tokens OAuth2 issues, how refresh tokens keep sessions alive, and how scopes limit what a token can do.

Tokens Are the Currency of OAuth2

After a successful flow, OAuth2 hands the client a token instead of the user's credentials. The client presents this token to the resource server to access protected data.

The Access Token

An access token is a short-lived credential proving the client may call an API on the user's behalf. It is sent on each request, usually in the Authorization header.

GET /api/profile
Authorization: Bearer eyJhbGciOi...
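
The resource server's side of that request, as an added example that is not part of the original lesson: it parses the Authorization header, rejects expired or unknown tokens, and enforces a required scope. The in-memory `TOKENS` store, the sample token strings and the scope names are constructed assumptions; a real server would validate a signed token or call the authorization server instead.

```python
import time

# Constructed token store standing in for JWT validation or introspection.
# The token strings are made-up samples, not real credentials.
TOKENS = {
    "sample-token-valid": {"sub": "user-1", "scope": "profile:read", "exp": 2_000_000_000},
    "sample-token-expired": {"sub": "user-1", "scope": "profile:read", "exp": 1_000_000_000},
    "sample-token-narrow": {"sub": "user-2", "scope": "email:read", "exp": 2_000_000_000},
}


def extract_bearer(headers):
    """Return the token from an Authorization header, or None if absent or malformed."""
    value = None
    for name, v in headers.items():
        if name.lower() == "authorization":  # header names are case-insensitive
            value = v
    if value is None:
        return None
    parts = value.split()
    # Exactly "<scheme> <token>"; the scheme name is case-insensitive.
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def authorize(headers, required_scope, now=None):
    """Return (HTTP status, detail) for one request to a protected endpoint."""
    now = time.time() if now is None else now
    token = extract_bearer(headers)
    if token is None:
        return 401, "missing or malformed bearer token"
    record = TOKENS.get(token)
    if record is None or record["exp"] <= now:
        # Unknown and expired tokens get the same answer on purpose.
        return 401, "invalid_token"
    if required_scope not in record["scope"].split():
        # The token is valid, but it was not granted this permission.
        return 403, "insufficient_scope"
    return 200, record["sub"]


if __name__ == "__main__":
    for tok in ("sample-token-valid", "sample-token-expired", "sample-token-narrow"):
        print(tok, authorize({"Authorization": f"Bearer {tok}"}, "profile:read"))
```

Because a bearer token is accepted from whoever presents it, the expiry check is what limits how long a leaked token remains usable.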
