For subscribers not utilizing Gobo proxies, the access token can also be passed by other means defined out-of-band as required by your system.
Depending on how Gobo is configured, the access tokens received by an app may either be JSON Web Token or an opaque string. Regardless of the type, all access tokens should be treated as opaque by app developers as there are no guarantees made to their contents.
