Tokens
The OneWelcome Identity Platform issues tokens that can be used in all kinds of scenarios.
Token types
-
JSON Web Tokens (JWT) conform to the JSON Web Token standard. A JWT contains information about an identity in the form of claims. JWTs are self-contained, which means that it is not necessary for the party that receives the token to call a server to validate the token, or read the claims to get additional information about the token.
-
Opaque tokens use a proprietary format. Basically, the token is a random string that identifies information in a server’s persistent storage. To validate an opaque token, the party that receives the token must call the issuer, which is the OneWelcome Identity Platform.
Tokens issued by the OneWelcome Identity Platform
The OneWelcome Identity Platform issues a number of different tokens, each with a different use. All these tokens are issued as part of the OAuth or OpenID Connect specifications.
ID token
The ID token, is a JSON Web Token (JWT) that contains user profile attributes represented in the form of claims. An ID Token is intended for an application, which is called a relying party in Open ID Connect. An ID token contains user information, such as the user's name, email, and so on. It is used to verify the user's identity and whether they have authenticated correctly and should get access to the application.
Access token
The access token is a credential that an application (OAuth Client or OpenID Connect relying party) can use to access an API.
Refresh token
The refresh token is a long-lived token that is used to obtain a new access token when a previous one has expired.
