Mock OAuth Token API Response
Generate a mock OAuth 2.0 token endpoint response with access token, refresh token, expiry, and token type. Test authentication flows.
Testing Patterns
Detailed Explanation
OAuth 2.0 Token Response
The OAuth token endpoint response is a critical part of any authentication flow. This mock generates a realistic token response following the OAuth 2.0 RFC 6749 specification.
Response Structure
```json
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4...",
  "scope": "read write profile"
}
```
Field Descriptions
| Field | Required | Description |
|---|---|---|
| access_token | Yes | The token used to authenticate API requests |
| token_type | Yes | Almost always "Bearer" |
| expires_in | Recommended | Lifetime in seconds |
| refresh_token | Optional | Used to obtain a new access token |
| scope | Conditional | Space-separated list of granted scopes |
Token Lifecycle
- Client requests token from `/oauth/token` with credentials
- Server returns access token and refresh token
- Client uses access token in `Authorization: Bearer <token>` header
- When access token expires, client uses refresh token to get a new one
- If refresh token is revoked or expired, user must re-authenticate
Testing Auth Flows
This mock is useful for testing:
- Token storage (secure HTTP-only cookies vs localStorage)
- Automatic token refresh before expiry
- Handling expired tokens (401 response)
- Scope-based feature toggling in the UI
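The token lifecycle and the test cases listed above can be exercised with a small client driven by an injectable clock. This is an added example, not code from the original page: `mockTokenEndpoint`, `TokenClient` and `skewSeconds` are hypothetical names, and the endpoint is assumed to be a synchronous in-memory function so that expiry and revocation can be controlled from a test.

```javascript
// Added example; mockTokenEndpoint, TokenClient and skewSeconds are hypothetical names.
// Constructed in-memory stand-in for POST /oauth/token (synchronous by assumption).
function mockTokenEndpoint(state) {
  return (params) => {
    const isRefresh = params.grant_type === "refresh_token";
    if (isRefresh && (state.revoked || params.refresh_token !== state.refreshToken)) {
      return { status: 400, body: { error: "invalid_grant" } }; // RFC 6749 section 5.2
    }
    state.issued += 1; // this mock accepts any non-refresh grant as valid credentials
    return { status: 200, body: {
      access_token: `mock-access-${state.issued}`, token_type: "Bearer",
      expires_in: 3600, refresh_token: state.refreshToken, scope: "read write profile",
    } };
  };
}

class TokenClient {
  constructor(endpoint, now = Date.now, skewSeconds = 60) {
    Object.assign(this, { endpoint, now, skewSeconds, token: null });
  }
  request(params) {
    const { status, body } = this.endpoint(params);
    const typeOk = String(body.token_type).toLowerCase() === "bearer"; // case-insensitive
    if (status !== 200 || typeof body.access_token !== "string" || !typeOk) {
      this.token = null; // refresh token revoked/expired, or malformed response
      throw new Error("reauthenticate");
    }
    // expires_in is only recommended: assume a short lifetime (300 s) when absent.
    const ttl = Number.isFinite(body.expires_in) ? body.expires_in : 300;
    this.token = {
      access: body.access_token,
      refresh: body.refresh_token ?? this.token?.refresh ?? null, // keep old if not rotated
      scopes: new Set((body.scope ?? "").split(" ").filter(Boolean)),
      expiresAt: this.now() + ttl * 1000,
    };
  }
  login(grantParams) { this.request(grantParams); }
  authorizationHeader() {
    if (!this.token) throw new Error("reauthenticate");
    // Refresh slightly early so a request never leaves with a token about to expire.
    if (this.now() >= this.token.expiresAt - this.skewSeconds * 1000) {
      this.request({ grant_type: "refresh_token", refresh_token: this.token.refresh });
    }
    return `Bearer ${this.token.access}`;
  }
  hasScope(scope) { return Boolean(this.token?.scopes.has(scope)); }
}
```

Tokens are held in memory only here; where they are persisted (HTTP-only cookie or localStorage) is the separate storage decision the list above mentions.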
Use Case
Frontend developers implementing OAuth 2.0 authentication flows can use this mock to test token handling, refresh logic, and protected route access without setting up a real authorization server.