===== RFC6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage =====

[[dido:public:ra:xapend:xapend.b_stds:tech:ietf:start| return to the IETF Standards ]]

| Title | The OAuth 2.0 Authorization Framework: Bearer Token Usage |
| Acronym | TCP |
| Version | 2.0 |
| Document Number | RFC6750 |
| Release Date | October 2012 |
| Reference | [[https://tools.ietf.org/html/rfc6750]] |
: **Note**: The following is an excerpt from the official IETF RFC. It is provided here as a convenience and is not authoritative. Refer to the original document as the authoritative reference.

==== Introduction ====

: //[[dido:public:ra:xapend:xapend.a_glossary:o:oauth]] enables [[dido:public:ra:xapend:xapend.a_glossary:c:client|clients]] to access protected resources by obtaining an access token, which is defined in "The OAuth 2.0 [[dido:public:ra:xapend:xapend.a_glossary:a:authorization]] Framework" [RFC6749] as "a string representing an access authorization issued to the client", rather than using the resource owner's credentials directly.//

: //[[dido:public:ra:xapend:xapend.a_glossary:t:tokens|Tokens]] are issued to clients by an authorization [[dido:public:ra:xapend:xapend.a_glossary:s:server|server]] with the approval of the resource owner. The client uses the access token to access the protected resources hosted by the resource server. This specification describes how to make protected resource requests when the OAuth access token is a bearer token.//

: //This specification defines the use of bearer tokens over HTTP/1.1 [[https://tools.ietf.org/html/rfc2616 | RFC2616]] using [[dido:public:ra:xapend:xapend.a_glossary:t:tls]] [[https://tools.ietf.org/html/rfc5246 | RFC5246]] to access protected resources. TLS is mandatory to implement and use with this specification; other specifications may extend this specification for use with other protocols. While designed for use with access tokens resulting from OAuth 2.0 authorization [[https://tools.ietf.org/html/rfc6749 | RFC6749]] flows to access OAuth protected resources, this specification actually defines a general HTTP authorization method that can be used with bearer tokens from any source to access any resources protected by those bearer tokens.//

: //The Bearer [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] scheme is intended primarily for server authentication using the WWW-Authenticate and Authorization HTTP headers but does not preclude its use for proxy authentication.//
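
A resource-server-side check for the Authorization and WWW-Authenticate usage described above, added here as an example and not part of the RFC excerpt or of this wiki page. The token store, realm, function names and the 400 response for non-TLS requests are assumptions of this example; the token syntax and the error codes ''invalid_request'' and ''invalid_token'' come from RFC 6750 sections 2.1 and 3.1, which the excerpt does not reproduce.

```python
import re
import time

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Constructed sample token store (token -> expiry in epoch seconds); hypothetical values.
TOKENS = {"demo-token.abc123": 4102444800, "expired.token": 0}


def challenge(realm, error=None):
    """Build a WWW-Authenticate header value for the Bearer scheme."""
    value = f'Bearer realm="{realm}"'
    if error:
        value += f', error="{error}"'
    return value


def check_request(is_tls, headers, realm="example", now=None):
    """Return (status, www_authenticate, token) for a protected-resource request.

    `headers` is assumed to be a dict keyed by canonical header name.
    """
    now = time.time() if now is None else now
    if not is_tls:
        # TLS is mandatory with bearer tokens; answering 400 is this example's choice.
        return 400, None, None
    auth = headers.get("Authorization")
    if auth is None:
        # No credentials at all: plain challenge without an error code.
        return 401, challenge(realm), None
    scheme, _, rest = auth.partition(" ")
    if scheme.lower() != "bearer":
        # Another scheme was offered: ask for Bearer credentials.
        return 401, challenge(realm), None
    token = rest.strip(" ")
    if not B64TOKEN.fullmatch(token):
        # Malformed credentials: empty, embedded spaces or illegal characters.
        return 400, challenge(realm, "invalid_request"), None
    expiry = TOKENS.get(token)
    if expiry is None or expiry <= now:
        # Unknown and expired tokens get the same answer, so nothing is leaked.
        return 401, challenge(realm, "invalid_token"), None
    return 200, None, token
```
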