Different Tokens

Tokens are artifacts that allow application systems to perform the authentication and authorization processes.

link - learn.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-acquire-token?tabs=javascript2 

OpenID Connect (OIDC)

OpenID Connect (OIDC) is an identity protocol that performs user authentication, user consent, and token issuance. OIDC uses ID Tokens.
The OpenID Connect protocol is built on top of OAuth 2.0.


OAuth 2.0

OAuth 2.0 is one of the most popular authorization frameworks out there.
It is designed to allow an application to access resources hosted by other servers on behalf of a user.
OAuth 2.0 uses Access Tokens and Refresh Tokens.


Identity Tokens

Also known as ID tokens or Profile tokens.
Defined by the OpenID Connect protocol, which is built on top of OAuth 2.0.
Authentication
Used to validate that a user is who they say they are.
An ID token will contain information about the name, email, and profile picture of a user.
Client applications can use the ID token to build a user profile to personalize the user experience.
An authentication server that implements the OpenID Connect (OIDC) protocol issues an ID token to its client whenever a user logs in.
The consumers of ID tokens are mainly client applications such as Single-Page Applications (SPAs) and mobile applications.

link - learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens 

Access Tokens

Defined by the OAuth 2.0 protocol.
Authorisation
An access token is a bearer token: whoever holds the token can use it, so it must be kept confidential.
Allows the bearer of the token to make a secure call to an API server.
Only valid for 1 hour.
When a client application needs to access protected resources on a server on behalf of a user, the access token lets the client signal to the server that it has received authorization by the user to perform certain tasks or access certain resources.
OAuth 2.0 doesn't define a format for access tokens.
Once an access token expires, the client application could prompt the user to log in again to get a new access token.
Alternatively, the authorization server could issue a refresh token to the client application that lets the client "refresh" the expired access token with a new one.

link - learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens 

Refresh Tokens

Used to obtain a renewed access token.
A refresh token is a credential artifact that lets a client application get new access tokens without having to ask the user to log in again.

link - learn.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens 


© 2023 Better Solutions Limited. All Rights Reserved.