Question
It may be a stupid or naive question, but: Are OAuth2 bearer tokens signed?
To put it in other words: Is the consumer able to verify whether the bearer token was issued by a specific authorization server?
Answer 1:
No. But there are efforts under way to fix this. HTTPS ensures the token was transmitted securely, but it doesn't tell you who issued the token.
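An added illustration, not part of the original answers: a consumer can only check who issued a token when the token itself carries a signature, which TLS does not provide. The sketch assumes a JWT-style token (JWS compact form, HS256) and a key shared between the authorization server and the consumer; the key, issuer URL and function names are constructed for the example.

```python
import base64, hashlib, hmac, json
from typing import Optional

# Constructed sample values (assumptions, not from the page).
KEY = b"demo-key-shared-by-server-and-consumer"
ISSUER = "https://as.example.com"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(claims: dict, key: bytes) -> str:
    """Authorization server: emit header.payload.signature (HS256)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{b64url(sign(signing_input, key))}"

def verify_token(token: str, key: bytes, issuer: str) -> Optional[dict]:
    """Consumer: return claims only if signature and issuer both check out."""
    parts = token.split(".")
    if len(parts) != 3:
        return None  # opaque bearer token: nothing to verify locally
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm instead of trusting the header (rejects "none").
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = sign(f"{header_b64}.{payload_b64}", key)
        if not hmac.compare_digest(b64url_decode(sig_b64), expected):
            return None
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("iss") != issuer:
        return None
    return claims

if __name__ == "__main__":
    token = issue_token({"iss": ISSUER, "sub": "alice"}, KEY)
    print(verify_token(token, KEY, ISSUER))
    print(verify_token("opaque-random-string", KEY, ISSUER))
```

With HS256 the consumer holds the same key as the issuer and could mint tokens itself; with an asymmetric signature such as RS256 it would hold only the authorization server's public key.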
Answer 2:
Actually you have to use OAuth over HTTPS, which is going to be responsible for signing.
Source: https://stackoverflow.com/questions/16065497/are-oauth2-bearer-tokens-signed