OAuth 2.0 Access Token Response
  • 08 Jul 2024

Assuming the token request is valid, the RapidIdentity server will return a response like this:

Note

Displayed values have been truncated here for formatting purposes, but the strings listed here should represent actual, usable values when generated in a production environment.

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "access_token": "2YotnFZFEjr1zCsicMWpAA",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzc [...]"
}

The ID Token is a JWT, which can be plain, signed, encrypted, or signed+encrypted. The claims in the ID Token are based on the claims that have been configured for the client.
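
One way a client can sanity-check a token response like the one above before using it, as an added example that is not RapidIdentity code: it checks the response fields and classifies the ID Token as plain, signed, encrypted or signed+encrypted from its JOSE header. The function names, the accepted-kinds policy and the sample tokens are assumptions constructed for illustration; signature verification against the server's keys is a separate step and is not shown.

```python
import base64
import json

def classify_id_token(token):
    """Return 'plain', 'signed', 'encrypted' or 'signed+encrypted'."""
    parts = token.split(".")
    if len(parts) not in (3, 5):
        raise ValueError("expected 3 (JWS) or 5 (JWE) segments")
    # Segments are unpadded base64url; restore the padding before decoding.
    header = json.loads(base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4)))
    if not isinstance(header, dict) or not isinstance(header.get("alg"), str):
        raise ValueError("JOSE header has no string 'alg'")
    if len(parts) == 5:
        # JWE: RFC 7519 section 5.2 marks a nested JWT with cty "JWT".
        nested = str(header.get("cty", "")).upper() == "JWT"
        return "signed+encrypted" if nested else "encrypted"
    # JWS: an unsecured ("plain") JWT declares alg "none".
    return "plain" if header["alg"].lower() == "none" else "signed"

def check_token_response(headers, body, accepted=("signed", "signed+encrypted")):
    """Return a list of problems in a token response; empty means none found."""
    problems = []
    hdrs = {k.lower(): v.lower() for k, v in headers.items()}
    if "no-store" not in hdrs.get("cache-control", ""):
        problems.append("Cache-Control: no-store missing")
    if str(body.get("token_type", "")).lower() != "bearer":
        problems.append("token_type is not Bearer")
    if not body.get("access_token"):
        problems.append("access_token missing")
    exp = body.get("expires_in")
    if isinstance(exp, bool) or not isinstance(exp, int) or exp <= 0:
        problems.append("expires_in is not a positive integer")
    try:
        kind = classify_id_token(str(body.get("id_token", "")))
        if kind not in accepted:
            problems.append("id_token is " + kind + ", not accepted by this client")
    except ValueError as err:
        problems.append("id_token malformed: " + str(err))
    return problems

# Constructed sample: page values; id_token = page's JOSE header + placeholder payload/signature.
PAGE_HEADER = "eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ"  # alg RS256
SAMPLE_HEADERS = {"Content-Type": "application/json", "Cache-Control": "no-store"}
SAMPLE_BODY = {"access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "Bearer",
               "expires_in": 7200, "id_token": PAGE_HEADER + ".e30.c2ln"}
PLAIN_TOKEN = "eyJhbGciOiJub25lIn0.e30."  # constructed: {"alg":"none"}, empty signature

if __name__ == "__main__":
    print(check_token_response(SAMPLE_HEADERS, dict(SAMPLE_BODY, id_token=PLAIN_TOKEN)))
```

A client that only expects signed tokens keeps the default `accepted` set, so a plain (`alg: none`) ID Token is reported as a problem.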

Once an Authorization Code has been exchanged for an Access/ID Token, that Authorization Code may not be used again in the future.

If an attempt is made to use it again, all Access Tokens that were issued from that Authorization Code will be invalidated.

