oauth2.dev

token_type

IESG

Registry Context

`token_type` is an optional introspection-response field identifying the type of the introspected token.

Technical Summary

RFC 7662 defines `token_type` as an optional top-level introspection-response member whose value uses the OAuth 2.0 token type definition referenced by RFC 6749 Section 5.1. RFC 6749 states that the value is case-insensitive.

When Used

Use when describing or validating the `token_type` member of an OAuth 2.0 token introspection response.

Normative Requirements

Authorization servers

OPTIONAL
1
  1. RFC 7662 - Section 2.2

    Include `token_type` as an optional top-level member identifying the type of the introspected token..

    Condition: when constructing an introspection response

    token_type OPTIONAL. Type of the token as defined in Section 5.1 of OAuth 2.0 [RFC6749].

Validation Guidance

info

Allow `token_type` to be absent from the introspection response.

info

If present, interpret `token_type` using the OAuth 2.0 token type definition referenced by RFC 6749 Section 5.1.

info

Treat the `token_type` value as case-insensitive.

Reference

Details

Entry Id
token_type
Name
token_type
Description
Type of the token
Change Controller
IESG
Reference
RFC7662 - Section 2.2