Provided by: libnet-oauth2-perl_0.64-1_all bug


         Net::OAuth2::AccessToken - OAuth2 bearer token


         my $auth    = Net::OAuth2::Profile::WebServer->new(...);

         my $session = $auth->get_access_token($code, ...);
         # $session is a Net::OAuth2::AccessToken object
         {   print $session->error_description;

         my $response = $session->get($request);
         my $response = $session->get($header, $content);
         print $session->to_string;  # JSON

         # probably better to set new(auto_refresh), but you may do:
         $session->refresh if $session->expired;


       This object represents a received (bearer) token, and offers ways to use it and maintain
       it.  A better name for this module would include client or session.

       A "bearer token" is an abstract proof of your existence: different services or potentially
       different physical servers are able to exchange information about your session based on
       this, for instance whether someone logged-in while showing the token.


            -Option           --Default
             access_token       undef
             auto_refresh       <false>
             changed            <false>
             error              undef
             error_description  <value of error>
             error_uri          undef
             expires_at         undef
             expires_in         undef
             profile            <required>
             refresh_always     BOOLEAN
             refresh_token      false
             scope              undef
             token_type         undef

           access_token => STRING
           auto_refresh => BOOLEAN
             Refresh the token when expired.

           changed => BOOLEAN
             [0.52] The token (session) needs to be saved.

           error => STRING
             Set when an error has occurred, the token is not valid.  This is not numerical.

           error_description => STRING
             A humanly readible explanation on the error.  This defaults to the string set with
             the "error" option, which is not nice to read.

           error_uri => URI
             Where to find more details about the error.

           expires_at => TIMESTAMP
             Expire this token after TIMESTAMP (as produced by the time() function)

           expires_in => SECONDS
             Expire the token SECONDS after the initiation of this object.

           profile => Net::OAuth2::Profile object
           refresh_always => BOOLEAN
             [0.53] Auto-refresh the token at each use.

           refresh_token => STRING
             [0.53] Token which can be used to refresh the token, after it has expired or

           scope => URL
           token_type => TYPE
       Net::OAuth2::AccessToken->session_thaw($session, %options)
           Pass in the output of a session_freeze() call in the past (maybe even for an older
           version of this module) and get the token object revived. This $session is a HASH.

           You may pass any of the parameters for new() as %options, to overrule the values
           inside the $session.

            -Option --Default
             profile  <required>

           profile => Net::OAuth2::Profile object


             my $auth    = Net::OAuth2::Profile::WebServer->new(...);
             my $token   = $auth->get_access_token(...);
             my $session = $token->freeze_session;
             # now save $session in database or file
             # restore session
             my $auth    = Net::OAuth2::Profile::WebServer->new(...);
             my $token   = Net::OAuth2::AccessToken->session_thaw($session
               , profile => $auth);

           Returns the (base64 encoded version of the) access token.  The token will get updated
           first, if it has expired and refresh_token is enabled, or when new(auto_refresh) is

           It does not matter that the token is base64 encoded or not: it will always need to be
           base64 encoded during transport.

           [0.58] Sometimes, the token gets attributes which are not standard; they have no
           official accessor (yet?).  You can get them with this generic accessor.

       $obj->changed( [BOOLEAN] )
           [0.52] The session (token) needs to be saved, because any of the crucial parameters
           have been modified and "auto_save" is not defined by the profile.



       When the token is received (hence this object created) it be the result of an error.  It
       is the way the original code was designed...



       $obj->expired( [$after] )
           Returns true when the token has an expiration set and that time has passed.  We use
           this token $after this check: to avoid the token to timeout inbetween, we take (by
           default 15 seconds) margin.

       $obj->expires_at( [$timestamp] )
           Returns the expiration timestamp of this token (true) or "undef" (false) when it is
           not set.

           Returns the number of seconds left, before the token is expired.  That may be

       $obj->update_token( $token, $tokentype, $expires_at, [$refresh_token] )
           Change the token.

           Refresh the token, even if it has not expired yet.  Returned is the new access_token
           value, which may be undef on failure.

           This returns a SESSION (a flat HASH) containing all token parameters which needs to be
           saved to be able to restore this token later.  This SESSION can be passed to
           session_thaw() to get revived.

           The "changed" flag will be cleared by this method.

           Be sure that your storage is character-set aware.  For instance, you probably want to
           set 'mysql_enable_utf8' when you store this in a MySQL database.  Perl's JSON module
           will output utf8 by default.

           Freeze this object into JSON.  The JSON syntax is also used by the OAuth2 protocol, so
           a logical choice to provide.  However, generically, the session_freeze() method


       The token can be encoded in transport protocol in different ways. Using these method will
       add the token to the HTTP messages sent.

       $obj->delete( $uri, [$header, [$content]] )
       $obj->get( $uri, [$header, [$content]] )
       $obj->post( $uri, [$header, [$content]] )
       $obj->put( $uri, [$header, [$content]] )


       This module is part of Net-OAuth2 distribution version 0.64, built on March 21, 2018.


       Copyrights 2013-2018-2018 on the perl code and the related documentation
        by [Mark Overmeer <>] for SURFnet bv, The Netherlands.  For other
       contributors see ChangeLog.

       Copyrights 2011-12 by Keith Grennan.

       This program is free software; you can redistribute it and/or modify it under the same
       terms as Perl itself.  See