RFC6750

The OAuth 2.0 Authorization Framework: Bearer Token Usage

This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). This document is an officially published standard.

Full text: https://tools.ietf.org/html/rfc6750

Deprecated Features

This document deprecates a number of OAuth features. The OAuch tests related to these deprecated features are:

• Features.TokenAsQueryParameterTest

Countermeasures

This document introduces a number of security countermeasures for OAuth. The OAuch tests related to these countermeasures are:

• ApiEndpoint.SupportsAuthorizationHeaderTest
• ApiEndpoint.CacheControlTest
• ApiEndpoint.IsHttpsRequiredTest
• ApiEndpoint.HasValidCertificateTest
• ApiEndpoint.IsModernTlsSupportedTest
• AuthEndpoint.HasValidCertificateTest
• AuthEndpoint.IsModernTlsSupportedTest
• AuthEndpoint.IsHttpsRequiredTest
• TokenEndpoint.HasValidCertificateTest
• TokenEndpoint.IsModernTlsSupportedTest
• TokenEndpoint.IsHttpsRequiredTest
• Tokens.TokenTimeoutTest

Back to the documents overview