Activity Forums Salesforce® Discussions State differences between Bearer and OAuth 2 tokens in Salesforce? Reply To: State differences between Bearer and OAuth 2 tokens in Salesforce?

  • saloni gupta

    Member
    August 21, 2017 at 2:02 pm

    Hi aman,

    OAuth 2.0 Bearer Token profile brings a simplified scheme for authentication. This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport.

    token_type is a parameter in Access Token generate call to Authorization server which essentially represents how an access_token will be generated and presented for resource access calls. You provide token_type in the access token generation call to an authorization server.

    The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). The client must not use an access token if it does not understand the token type.