Bootstrap FreeKB - OAuth - What is an OAuth Token
OAuth - What is an OAuth Token

Updated:   |  OAuth articles

OAuth is a way to reduce the number of times that I client must authenticate to a system while also being able to provide the client with secured data or information.

Typically, this is done by issuing an initital request to the oAuth system with some sort of authentication data, such as a username and password (but this doesn't necessarily have to be a username and password), requesting a token from the oAuth system. If the username and password is valid for the oAuth system, the oAuth system should respond with a token.


Then, in subsequent requests to the systems that are configured to use the token for authentication and authorization, the token is presented instead of the username and password. The system should contain logic to know if the token is valid and to also know what resources the requestor is permitted access to. Assuming the requestor is requesting a resource the token allows, the serving system should provide the client with the resource.


One common way this is done is with the curl command (on a Linux system). You will almost always issue a POST request to the OAuth system with some sort of data, such as a username and password, to get the tokens from the OAuth system.

--request POST 
--data '{ "Username": "john.doe", "Password": "itsasecret" }' 
--header "Content-Type: application/json" 


Something like this should be returned. In this example, "abc123" is the access token (also known as the Bearer token) and xyz987 is the refresh token.



You would then issue a command like this, using the access token.

--request GET 
--header "Authorization: Bearer abc123" 
--header "Accept: application/json" 
--url ""



Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Add a Comment

Please enter 63c5d5 in the box below so that we can be sure you are a human.