Let's explore the three token types that we use with OAuth 2.0 and OpenID Connect to fulfill the authentication and authorization processes of our application systems. In the process, we'll see the critical role that refresh tokens play in helping developers build applications that offer convenience without compromising security.

Token Types

What's an ID token?

As the name may suggest, an ID token is an artifact that client applications can use to consume the identity of a user. For example, the ID token can contain information about the name, email, and profile picture of a user. As such, client applications can use the ID token to build a user profile to personalize the user experience.

An authentication server that conforms to the OpenID Connect (OIDC) protocol to implement the authentication process issues its clients an ID token whenever a user logs in. The consumers of ID tokens are mainly client applications such as Single-Page Applications (SPAs) and mobile applications.

When a user logs in, the authorization server issues an access token, which is an artifact that client applications can use to make secure calls to an API server. When a client application needs to access protected resources on a server on behalf of a user, the access token lets the client signal to the server that it has received authorization by the user to perform certain tasks or access certain resources. OAuth 2.0 doesn't define a format for access tokens.
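The split described above, as an added Node.js example that is not part of the original article: the client verifies the ID token (a signed JWT under OIDC) before building a profile from it, and forwards the access token unread because its format is undefined. The function names, the issuer `https://idp.example`, the client ID `spa-client` and the throwaway RSA key are assumptions constructed for the example.

```javascript
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const fromB64url = (text) => JSON.parse(Buffer.from(text, "base64url").toString("utf8"));

// Verify an OIDC ID token (a signed JWT) and return only the profile claims.
function profileFromIdToken(idToken, { publicKey, issuer, clientId, now = Date.now() / 1000 }) {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("ID token is not a three-part JWT");
  const [header, payload, signature] = parts;
  // Pin the algorithm instead of trusting whatever the token header asks for.
  if (fromB64url(header).alg !== "RS256") throw new Error("unexpected signing algorithm");
  const signed = Buffer.from(`${header}.${payload}`);
  if (!crypto.verify("RSA-SHA256", signed, publicKey, Buffer.from(signature, "base64url"))) {
    throw new Error("signature check failed");
  }
  const claims = fromB64url(payload);
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  // aud may be a string or an array; it must name this client.
  if (![].concat(claims.aud).includes(clientId)) throw new Error("token issued to another client");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");
  return { sub: claims.sub, name: claims.name, email: claims.email, picture: claims.picture };
}

// The access token has no format the client can rely on: pass it along untouched.
function apiRequestHeaders(accessToken) {
  return { Authorization: `Bearer ${accessToken}` };
}

// Constructed sample data: a throwaway key pair and issuer standing in for a real provider.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const settings = { publicKey, issuer: "https://idp.example", clientId: "spa-client" };

function makeSampleIdToken(claims) {
  const input = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey);
  return `${input}.${sig.toString("base64url")}`;
}

const sampleIdToken = makeSampleIdToken({
  iss: settings.issuer, aud: settings.clientId, exp: Math.floor(Date.now() / 1000) + 300,
  sub: "user-123", name: "Ada Example", email: "ada@example.com",
});
console.log(profileFromIdToken(sampleIdToken, settings));
console.log(apiRequestHeaders("opaque-access-token-value"));
```

In a real deployment the public key comes from the provider's published signing keys rather than being generated locally.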