[OAuth2] About the OAuth2 token type

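1. token_type indicates how the token is generated and validated; it is the token's category.

2. A custom token_type can be implemented.

3. bearer is the one mainly used; there is also mac, which is rarely used.

4. bearer means that checking the access_token, and only that, is enough to pass validation (give access to whoever brings the bearer token).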

token_type is a parameter in the access token generation call to the authorization server; it essentially represents how an access_token will be generated and presented for resource access calls. You provide token_type in the access token generation call to an authorization server.

If you give Bearer (the default in most implementations), an access_token is generated and sent back to you. Bearer can be simply understood as "give access to whoever brings the bearer token." One valid token and no questions asked. On the other hand, if you choose Mac and sign_type (default hmac-sha-1 in most implementations), the access token is generated and kept as a secret in the Key Manager as an attribute, and an encrypted secret is sent back as the access_token.
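An added example (not from the original post or from any OAuth library) of what the two token types mean at the resource server: a bearer check looks only at the token string, while a MAC check requires a signature made with the key tied to the token. The token store, key, function names and the simplified normalized request string are assumptions, and HMAC-SHA-256 is used in place of the hmac-sha-1 default mentioned above.

```python
import hashlib
import hmac

# Constructed sample data: server-side token store (all values are made up).
BEARER_TOKENS = {"tok-bearer-123": "alice"}
MAC_TOKENS = {"tok-mac-456": {"user": "alice", "key": b"constructed-mac-key"}}


def check_bearer(authorization):
    """Bearer: possession of the token string is the only check."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer":
        return None
    return BEARER_TOKENS.get(token)


def normalized_request(ts, nonce, method, uri, host, port):
    # Simplified (assumed) normalized request string: one field per line.
    return "".join(f"{v}\n" for v in (ts, nonce, method.upper(), uri, host, port))


def sign_mac(key, ts, nonce, method, uri, host, port):
    """Client side: sign this exact request with the key tied to the token."""
    msg = normalized_request(ts, nonce, method, uri, host, port).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def check_mac(token_id, ts, nonce, mac, method, uri, host, port, seen_nonces):
    """MAC: the caller must prove it holds the key by signing the request."""
    entry = MAC_TOKENS.get(token_id)
    if entry is None or (ts, nonce) in seen_nonces:
        return None  # unknown token, or a replayed (timestamp, nonce) pair
    expected = sign_mac(entry["key"], ts, nonce, method, uri, host, port)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None  # signature does not match this exact request
    seen_nonces.add((ts, nonce))
    return entry["user"]
```

A production check would also reject timestamps outside a short freshness window and expire stored nonces; both are left out here.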

Yes, you can use your own implementation of token_type, but that might not make much sense, as developers will need to follow your process rather than the standard implementations of OAuth.

References:
OAuth 2.0 Bearer Token Profile Vs MAC Token Profile
Are there any known Java implementations for OAuth2 'mac' token type?