If you are using any OAuth secured API like facebook graph API or any of the google APIs, then you might be using an official client library provided by that API to make secure requests.
Have you ever tried to check how those requests are actually authenticated? This quick tip will help you understand that and also learn how to make those requests.
Every OAuth request is authenticated with the help of an access token, Every client library just makes an https request to its API along with the access token.
But how to send the access token in the request? Access token has to be sent in the request header named
Authorization in the following syntax :
Bearer space accessToken
so that header looks like
Authorization: Bearer NsT5OjbzRn410zqLQgV3Ia
Practical use case:
I was working on a web app which uses google sign in and an API hosted on google app engine. To check if the API call is actually made by that particular google user, we used access tokens to make authenticated requests to our API and verify the identity of the user.