HomeIdentity Security Encyclopedia › OAuth Token

OAuth Token

An OAuth token is a cryptographic credential issued through the OAuth 2.0 framework that grants an application access to specific resources on behalf of a user or as a machine identity — without exposing the user's actual credentials.

IAM NHI Token Protocol

❓ What is OAuth Token?

An OAuth token is a cryptographic credential issued through the OAuth 2.0 framework that grants an application access to specific resources on behalf of a user or as a machine identity — without exposing the user's actual credentials.

⚙️ How Does It Work?

Access tokens are short-lived (typically 1 hour) and scoped to specific permissions. Refresh tokens allow applications to obtain new access tokens without re-authentication. Both types must be stored securely to prevent theft.

📍 Where Is It Used?

SaaS integrations, API authorization, mobile apps, CI/CD pipelines, any application needing delegated or machine access to APIs.

💡 Real-World Example

A CI/CD pipeline uses a long-lived OAuth refresh token to push code to GitHub on behalf of a service account. The token leaks via a misconfigured log file, giving attackers persistent access to all repositories. Mitigation: use short-lived tokens, scope to minimum permissions, and rotate regularly.

🔗 Related Terms

OAuth OIDC JWT Non-Human Identity API Key Secrets Management
← Non-Human IdentityOffboarding →

Stay Ahead in Identity Security

Get weekly IAM, PAM & IGA insights delivered to your inbox via Identity Pulse.

Subscribe to Identity Pulse →
Scroll to top