-
Book Overview & Buying
-
Table Of Contents
Mastering OAuth 2.0
By :
Use these pages as reference documentation when requesting access to a protected resource in your application. Adapted from The OAuth 2.0 Authorization Framework: Bearer Token Usage specification [RFC 6750].

Figure 1 from RFC 6750
The workflow for accessing a protected resource is described by steps (E) and (F), detailed as follows:
E: The client requests the protected resource from the resource server and authenticates by presenting the access token.
F: The resource server validates the access token, and if valid, serves the request.
When sending the access token in a protected resource access request using the authorization request header field method, an Authorization header must be added with its value set as the token type, which is bearer, followed by the token value.
An example of a protected resource access request using this method is:
GET /resource HTTP/1.1
Host: server.example.com...