A token is a piece of authentication material.
Token-based authentication is implemented by:
They carry just enough information to either:
The concept behind using tokens is that you can authenticate to a central authority and then have permissions granted to a separate system without needing to give that system your credentials.
If the server providing the service were compromised, the credentials would still be safe, and the attacker would only have access to resources until the token expired. Hence tokens are generally short-lived.
Token type | Language | Size | Signature |
---|---|---|---|
JSON Web Tokens (JWT) | JSON | Low | public/private key |
Simple Web Tokens (SWT) | | | Only symmetric |
Security Assertion Markup Language Tokens (SAML) | XML | High | public/private key |