This is the final object in the OAuth dance - it encapsulates the app, the endpoint, other parameters and the received credentials. It is a reference class so that it can be seamlessly updated (e.g. using $refresh()) when access expires.

oauth2.0_token(endpoint, app, scope = NULL, user_params = NULL,
  type = NULL, use_oob = getOption("httr_oob_default"),
  oob_value = NULL, as_header = TRUE, use_basic_auth = FALSE,
  cache = getOption("httr_oauth_cache"), config_init = list(),
  client_credentials = FALSE, credentials = NULL,
  query_authorize_extra = list())



An OAuth endpoint, created by oauth_endpoint()


An OAuth consumer application, created by oauth_app()


a character vector of scopes to request.


Named list holding endpoint specific parameters to pass to the server when posting the request for obtaining or refreshing the access token.


content type used to override incorrect server response


if FALSE, use a local webserver for the OAuth dance. Otherwise, provide a URL to the user and prompt for a validation code. Defaults to the of the "httr_oob_default" default, or TRUE if httpuv is not installed.


if provided, specifies the value to use for the redirect_uri parameter when retrieving an authorization URL. Defaults to "urn:ietf:wg:oauth:2.0:oob". Requires use_oob = TRUE.


If TRUE, the default, configures the token to add itself to the bearer header of subsequent requests. If FALSE, configures the token to add itself as a url parameter of subsequent requests.


if TRUE use http basic authentication to retrieve the token. Some authorization servers require this. If FALSE, the default, retrieve the token by including the app key and secret in the request body.


A logical value or a string. TRUE means to cache using the default cache file .httr-oauth, FALSE means don't cache, and NA means to guess using some sensible heuristics. A string means use the specified path as the cache file.


Additional configuration settings sent to POST(), e.g. user_agent().


Default to FALSE. Set to TRUE to use Client Credentials Grant instead of Authorization Code Grant. See


Advanced use only: allows you to completely customise token generation.


Default to list(). Set to named list holding query parameters to append to initial auth page query. Useful for some APIs.


A Token2.0 reference class (RC) object.


See Token() for full details about the token object, and the caching policies used to store credentials across sessions.

See also