OAuth 2.0 - Access Token Response


Access token is a type of token that is assigned by the authorization server. The authorization server issues the access token if the access token request is valid and authorized. If the token access request is invalid or unauthorized, then the authorization server returns an error response.

The access token is given by the authorization server when it accepts the client ID, client password and authorization code sent by the client application. Once the user receives the token, it can be sent to the access resources such as Facebook, Google, etc. to access the resources in the system, related to the logged in users.

The access token response contains the following JSON structure.

   "access_token"  : ". . .",
   "token_type"    : ". . .",
   "expires_in"    : ". . . ",
   "refresh_token" : ". . .",
  • access_token − It is a required parameter in which the authorization server accesses the token.

  • token_type − It is a required parameter which is assigned by the authorization server and specifies the type of token.

  • expires_in − It is a recommended parameter that specifies the duration of access token expiry.

  • refresh_token − It provides a refresh token, if the access token expires, to get the new access token using the authorization grant.