Which method of account authentication does OAuth 2.0 within REST APIs?
A . username/role combination
B . access tokens
C . cookie authentication
D . basic signature workflow
The most common implementations of OAuth (OAuth 2.0) use one or both of these tokens:
+ access token: sent like an API key, it allows the application to access a user’s data; optionally, access tokens can expire.
+ refresh token: optionally part of an OAuth flow, refresh tokens retrieve a new access token if they have expired. OAuth2 combines Authentication and Authorization to allow more sophisticated scope and validity control.