Most Java libraries for OAuth 2.0 support the Bearer token type because the Bearer token profile provides a simplified authentication scheme. Any user with a Bearer token can use it to access the associated resources (without demonstrating possession of a cryptographic key). The specification "The OAuth 2.0 Authorization Framework: Bearer Token Usage" describes the use of Bearer tokens in HTTP requests to access OAuth 2.0 protected resources.
Response for a Bearer access token:
    HTTP/1.1 200 OK
    Content-Type: application/json;charset=UTF-8
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"mF_9.B5f-4.1JqM",
      "token_type":"Bearer",
      "expires_in":3600,
      "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
    }
The MAC token profile defines the MAC HTTP access authentication scheme, providing a method for receiving authenticated HTTP requests with partial cryptographic verification of the request, covering the HTTP method, the request URI, and the host. Each access token type definition specifies the additional attributes (mac_key, mac_algorithm) sent to the client along with the access_token in the response.
    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store

    {
      "access_token":"SlAV32hkKG",
      "token_type":"mac",
      "expires_in":3600,
      "refresh_token":"8xLOxBtZp8",
      "mac_key":"adijq39jdlaska9asud",
      "mac_algorithm":"hmac-sha-256"
    }
The access_token, or MAC key identifier, is a string identifying the MAC key used to compute the request MAC. The string is usually opaque to the client. The server typically assigns a specific scope and lifetime to each set of MAC credentials. The identifier may be a unique value used to look up the authorization information (for example, from a database), or it may self-contain the authorization information in a verifiable way (i.e. a string consisting of some data and a signature).
Scribe is a Java library for OAuth 2.0 with a MAC token profile.
Source: OAuth 2.0 Bearer Token Profile Vs MAC Token Profile
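The difference from a Bearer token, as an added example that is not part of the original answer or of any library it names: the client signs each request with the mac_key from the response above, and the server recomputes the MAC and rejects altered or replayed requests. The field layout of the normalized request string, the ts and nonce values, and all function names are assumptions made for illustration; the draft version a given library implements defines the exact layout.

```python
import base64
import hashlib
import hmac

# Values copied from the MAC token response shown on this page.
TOKEN = {"access_token": "SlAV32hkKG", "mac_key": "adijq39jdlaska9asud",
         "mac_algorithm": "hmac-sha-256"}
ALGORITHMS = {"hmac-sha-1": hashlib.sha1, "hmac-sha-256": hashlib.sha256}


def normalized_request(ts, nonce, method, uri, host, port):
    # Assumed layout: one field per line, each terminated by a newline.
    fields = (ts, nonce, method.upper(), uri, host.lower(), port)
    return "".join(f"{value}\n" for value in fields)


def request_mac(token, ts, nonce, method, uri, host, port):
    """Client side: MAC over the method, URI and host, keyed with mac_key."""
    digest = ALGORITHMS[token["mac_algorithm"]]  # KeyError on unknown algorithm
    base = normalized_request(ts, nonce, method, uri, host, port).encode()
    raw = hmac.new(token["mac_key"].encode(), base, digest).digest()
    return base64.b64encode(raw).decode()


def authorization_header(token, ts, nonce, method, uri, host, port):
    # The mac_key itself never travels with the request, only the MAC.
    mac = request_mac(token, ts, nonce, method, uri, host, port)
    return (f'MAC id="{token["access_token"]}", ts="{ts}", '
            f'nonce="{nonce}", mac="{mac}"')


def server_verify(token, seen, presented_mac, ts, nonce, method, uri, host, port):
    """Server side: recompute the MAC, compare in constant time, block replays."""
    expected = request_mac(token, ts, nonce, method, uri, host, port)
    if not hmac.compare_digest(expected.encode(), presented_mac.encode()):
        return False  # request was altered or signed with a different key
    if (ts, nonce) in seen:
        return False  # same ts/nonce pair already accepted for this key
    seen.add((ts, nonce))
    return True


if __name__ == "__main__":
    # Constructed sample request; host and path are placeholders.
    args = ("1336363200", "dj83hs9s", "GET", "/resource/1?b=1", "example.com", 443)
    print(authorization_header(TOKEN, *args))
```

A captured Bearer token stays valid for any request until it expires, whereas a captured MAC header only matches the one method, URI and host it was computed for.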