The OAuth 2.0 Authorization Framework: Bearer Token Usage
RFC 6750, “The OAuth 2.0 Authorization Framework: Bearer Token Usage”, is a Proposed Standard document published in October 2012 by M. Jones and D. Hardt. It has since been updated by RFC 8996 and RFC 9700. The canonical text is published by the RFC Editor.
Abstract
This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 6750 is hosted at rfc-editor.org and is available in TXT and HTML.
- RFC 6749 The OAuth 2.0 Authorization Framework
- RFC 6751 Native IPv6 behind IPv4-to-IPv4 NAT Customer Premises Equipment
- RFC 6748 Optional Advanced Deployment Scenarios for the Identifier-Locator Network Protocol
- RFC 6752 Issues with Private IP Addressing in the Internet
- RFC 6747 Address Resolution Protocol for the Identifier-Locator Network Protocol for IPv4
- RFC 6753 A Location Dereference Protocol Using HTTP-Enabled Location Delivery
- RFC 6746 IPv4 Options for the Identifier-Locator Network Protocol
- RFC 6754 Protocol Independent Multicast Equal-Cost Multipath Redirect