When building security solutions using OAuth and OpenID Connect (OIDC), we frequently discuss tokens. Sometimes these systems are even referred to as token-based architectures. By Jonas Iggbom.
The article dives into:
- Types of tokens
- Access tokens
- Bearer tokens
- Sender-constrained tokens
- Refresh tokens
- ID tokens
- Token formats
- Opaque tokens
- JSON Web Tokens (JWT)
- The best of both worlds
- Phantom tokens
- Split tokens
- Token handler
Tokens play a core role in authorizing access to applications, services and APIs. They also enable secure, flexible and scalable access management. Using tokens means applications don’t have to maintain a static API key or, even worse, hold a username and password. Nice one!