What are the characteristics of an OAuth token?

Question

How many characters long can an oauth access token and oauth access secret be and what are the allowed characters? I need to store them in a d

Answer 1

If you read the spec, it says,

The authorization server issues the registered client a client
identifier - a unique string representing the registration
information provided by the client. The client identifier is not a
secret; it is exposed to the resource owner, and MUST NOT be used
alone for client authentication. The client identifier is unique to
the authorization server.

The client identifier string size is left undefined by this
specification. The client should avoid making assumptions about the
identifier size. The authorization server SHOULD document the size
of any identifier it issues.

Second, Access Token should be sent as header, not as a URL param.

Authorization: Bearer < token>.