Different types of tokens
In this section, we selected an option to choose both the ID token and access token. In authentication and authorization systems, there are three main types of tokens we need to know about:
- Access token: This is a short-lived credential granted to an application after a user successfully logs in. It authorizes the app to access specific resources, such as APIs or services, on behalf of the user. Access tokens are used to make secure requests to these resources, ensuring that only authorized applications can access them.
- ID token: Often used in OIDC, an ID token contains information about the authenticated user, such as their name and email address. It helps verify the user’s identity and is used in single sign-on scenarios, providing user profile data to applications.
- Refresh token: Refresh tokens are long-lived and used to obtain new access tokens once the original one expires. They enable seamless and secure access for extended periods...