Tokens

There are primarily two types of tokens related to identity; ID tokens and Access tokens.

ID Tokens

ID tokens are JSON web tokens (JWT) that an application uses to retrieve information about a user. You shouldn’t use ID tokens when calling an API.

Access Tokens

Access tokens are used when calling an API to prove that the bearer of the token is allowed to call the API and what parts of the API is allowed to be used by the consumer.

Special Tokens

Refresh tokens is a special token, used to renew an access token without forcing the user to re-authenticate.