Security/Guidelines/OpenID Connect: Difference between revisions

Line 100: Line 100:
! '''Access token'''
! '''Access token'''
| A string containing a unique secret token (like an API key).
| A string containing a unique secret token (like an API key).
| It has specific permissions and is used to get data from an API. It expire quickly, typically within 24 hours.
| The Access token has specific permissions and is used to get data from an API. It expire quickly, typically within 24 hours.
|-
|-
! '''Refresh token'''
! '''Refresh token'''
| A string containing a unique secret token (like an API key).
| A string containing a unique secret token (like an API key).
| Enables the bearer of the Refresh token to request and obtain new Access tokens. These newly obtained access tokens have a subset of the permissions that the Refresh token has. The Refresh token never expires.
| The Refresh token enables it's bearer to request and obtain new Access tokens. These newly obtained access tokens have a subset of the permissions that the Refresh token has. The Refresh token never expires.
|-
|-
! '''ID token'''
! '''ID token'''
| Base64-encoded JSON document ([https://jwt.io/ JWT])
| Base64-encoded JSON document ([https://jwt.io/ JWT])
| Contains information about how and when the user authenticated along with various attributes. ID tokens are created and signed by OpenID Connect Providers (OP) and consumed, verified by web applications authenticating users (RPs).
| The ID token contains information about how and when the user authenticated along with various attributes. ID tokens are created and signed by OpenID Connect Providers (OP) and consumed, verified by web applications authenticating users (RPs).
|-
|-
|}
|}
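Review bot: the new Refresh token row introduces a typo, "it's bearer", which should be the possessive "its bearer". The new Access token row also still reads "It expire quickly"; since that cell is being rewritten anyway, change it to "It expires quickly". In the ID token row, "consumed, verified by web applications" would read better as "consumed and verified by web applications". The edit replaces sentence fragments with full sentences naming each token, which is fine, but the unchanged statement "The Refresh token never expires" sits right beside a row saying Access tokens expire within 24 hours, so consider whether that absolute wording is what the guideline intends before saving this revision.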