OAuth 2.0 draft 12を読まれた方の中では、この文言が気になった方もいるのではと思います。 while the "mac" token type defined in [I-D.hammer-oauth-v2-mac-token] is utilized by issuing a token secret together with the access token which is used to sign certain components of the HTTP requests: GET /resource/1 HTTP/1.1 Host: example.com Authorization: MAC token="h480djs93hd8", timestamp="137131200", nonce="dj83hs9s", signature="kDZvddknd