Skip to main content

The OAuth 2.0 Bearer Token Usage over the Constrained Application Protocol (CoAP)

Document Type Replaced Internet-Draft (individual)
Expired & archived
Author Hannes Tschofenig
Last updated 2015-09-09 (Latest revision 2015-03-08)
Replaced by draft-ietf-ace-oauth-authz, draft-ietf-ace-oauth-authz, draft-ietf-ace-oauth-authz, RFC 9200
RFC stream (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-ace-oauth-authz, draft-ietf-ace-oauth-authz
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This specification describes how to use OAuth 2.0 bearer tokens to access protected resources using the Constrained Application Protocol (CoAP). Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport.


Hannes Tschofenig

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)