refer to Actors

Authentication/Authorization Token intended for the Application Client to be able to access other token(s) from the Security Token Service (STS), such as:

  • Access Token
  • Refresh Token
  • ID Token

Token Class

Description

Access Token

  • intended for the Application Client to make secured API calls to the Resource Holder (on behalf of Resource Owner)
  • like a session
  • a type of “by-reference/opaque token”

Refresh Token

  • intended for the Application Client to obtain a new Access Token from the Security Token Service (STS)
  • like a password
  • a type of “by-reference/opaque token”

ID Token

  • intended for the Application Client to know about the Resource Owner
  • introduced in OpenID Connect (OIDC)
  • a type of “by-value token”: unlike Access Tokens and Refresh Tokens, which are opaque to the client, ID Tokens contain information about the Resource Owner for the client
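
The by-value versus by-reference distinction above, as an added example that is not part of the original page: the client verifies and reads an ID Token, and finds nothing to read in an opaque Access Token. Assumptions: the ID Token is a JWT signed with HS256 (chosen so the sketch needs only the standard library), and the key, issuer, client id, claims and token strings are all constructed sample values.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"                             # constructed secret
ISSUER, CLIENT_ID = "https://sts.example", "demo-client"  # constructed names

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_id_token(claims, key):
    """Stand-in for the STS: sign the claims as an HS256 JWT."""
    head = _enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_enc(sig)}"

def read_id_token(token, key, now=None):
    """Client side: return the claims only if every check passes."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("opaque token: nothing for the client to read")
    head, body, sig = parts
    try:
        header, claims = json.loads(_dec(head)), json.loads(_dec(body))
        got = _dec(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":      # pin the algorithm, reject "none"
        raise ValueError("unexpected signing algorithm")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(got, want):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token issued for another client")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

SAMPLE_CLAIMS = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-123",
                 "name": "Sample User", "exp": 4102444800}  # constructed
ID_TOKEN = make_id_token(SAMPLE_CLAIMS, KEY)
OPAQUE_ACCESS_TOKEN = "f3a9c1d07b5e4a8896d2"                # constructed
```

Decoding the payload alone is not validation: the claims are returned only after the signature, issuer, audience and expiry checks succeed.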