Reference pages
Use these pages as reference documentation when requesting access to a protected resource in your application. Adapted from The OAuth 2.0 Authorization Framework: Bearer Token Usage specification [RFC 6750].
An overview of protected resource access
Figure 1 from RFC 6750
The workflow for accessing a protected resource is described by steps (E) and (F), detailed as follows:
E: The client requests the protected resource from the resource server and authenticates by presenting the access token.
F: The resource server validates the access token, and if valid, serves the request.
The authorization request header field
When sending the access token in a protected resource access request using the authorization request header field method, an Authorization header must be added with its value set as the token type, which is bearer, followed by the token value.
An example of a protected resource access request using this method is:
GET /resource HTTP/1.1
Host: server.example.com...
