Tokens are hardware or software entities that demonstrate someone’s right to take specific actions on particular objects. In the context of authorization and authentication, the token represents the client’s entitlement to access a specific resource, which makes it an essential tool for consuming APIs.
There are a number of token classifications and types. Depending on what you want to achieve with your token, you can select a particular token type. Each token type has its own characteristics and purpose(s), for example, software tokens (two-factor authentication security tools for authorizing the use of computer services) or session tokens (unique identifiers of interaction sessions).
Tokens in Cloudentity
In Cloudentity, tokens are configurable per workspace (authorization server). You can preview and modify tokens settings for a particular workspace by entering the workspace and navigating to Auth Server > Tokens.
In the Tokens view, you can set up
Access token type: JSON WEB TOKEN (JWT) or Opaque (depending on what structure and readability you need for your token)
Time to live: How long your tokens are going to last
In the sections that follows, you will get familiar with token types that are relevant in the context of security protection for applications and APIs. They are