TOKENS are :
- generated by Authorization (Auth) server
- issued when client requests Auth server
2 types of Tokens
1. ACCESS TOKEN
- sent by client as request param / header to Resource server
- have Limited lifetime / Expiry time (defined by Auth server)
2. REFRESH TOKEN
- issued with Access token but not sent in each request from client to Resource server
- sent to Auth server to renew Access token when it expires
No comments:
Post a Comment
Note: only a member of this blog may post a comment.