Hi.
The tokens you get are standard OAuth2 tokens.
The ID Token is proof that the user has been authenticated and contains information about the user; this token can be used by the client.
The Access Token allows the client to access resources such as an API, on behalf of the user.
The Refresh Token is used by the client to get a new Access Token without having the user input the password again.
In short, you send the Access Token to your API, which validates the token and makes a decision on allow/deny. For example, AWS API Gateway HTTP API comes with a built-in authoriser for JWT (OAuth2), which simplifies this.
You use the Refresh Token when your client detects that an Access Token is no longer valid. You can do this in different ways: checking the valid timestamp or relying on the backend to tell you the token has expired.
I would recommend reading documentation around OAuth2 to get all the details and a better understanding.
Hope it helps!
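Added example, not part of the original answer: a client-side sketch of the two expiry checks mentioned above (reading the `exp` timestamp, and falling back to a 401 from the backend). The function names and the `callApi`/`refresh` callbacks are hypothetical, and the sample token is constructed; decoding on the client is only a hint for when to refresh, and the API still has to validate the token itself.

```javascript
// Decode the payload (second segment) of a compact JWT WITHOUT verifying it.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// True when the access token is expired or within `skewSeconds` of expiring.
// Malformed tokens, or tokens without a numeric `exp`, count as expired.
function needsRefresh(accessToken, nowSeconds, skewSeconds = 60) {
  try {
    const { exp } = decodeJwtPayload(accessToken);
    return typeof exp !== "number" || nowSeconds >= exp - skewSeconds;
  } catch {
    return true;
  }
}

// Refresh up front if `exp` says so, and retry once if the backend answers 401.
// `callApi(token)` and `refresh(refreshToken)` are hypothetical app callbacks.
async function callWithRefresh(tokens, callApi, refresh, nowSeconds) {
  if (needsRefresh(tokens.accessToken, nowSeconds)) {
    tokens.accessToken = await refresh(tokens.refreshToken);
  }
  let res = await callApi(tokens.accessToken);
  if (res.status === 401) {
    tokens.accessToken = await refresh(tokens.refreshToken);
    res = await callApi(tokens.accessToken);
  }
  return res;
}

// Constructed sample token with a placeholder signature, for demonstration only.
function makeSampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc({ sub: "user-1", exp })}.sig`;
}
```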
Thanks so much for your clarification Jimmy.