Table of Contents

What is an access token?

About

A token is authentication material: a value the client presents instead of its credentials.

An access token is a token (string) representing an access authorization.

Authentication

Token-based authentication is implemented by:

They carry just enough information to either:

The concept behind using tokens is that you can authenticate to a central authority and then have permissions granted to a separate system without needing to give that system your credentials.

If the server providing the service were compromised, the user's credentials would still be safe, and the attacker would only have access to resources until the token expired. Hence tokens are generally short-lived.

Benefits

Security Considerations

Storage

Don't store them in a place where a third party could have access to them.

In HTTP:

Usage

Format

Token type                                          Language   Size   Signature
JSON Web Token (JWT / JWS, JSON web signed token)   JSON       Low    public/private key (or symmetric HMAC)
Simple Web Token (SWT)                              -          -      symmetric only
Security Assertion Markup Language token (SAML)     XML        High   public/private key
bearer                                              generated string or JWT
Hexadecimal nonce                                   string

Access tokens:

This information may live: