Auth0中id_token和access_token的区别是什么 [英] What is the difference between id_token and access_token in Auth0

问题描述

在Auth0中，您可以使用刷新令牌。在此链接中，我们可以看到许多返回的参数：

In Auth0 you can use refresh tokens. In this link, we can see many returned parameters:

lock.showSignin({
  authParams: {
    scope: 'openid offline_access'
  }
}, function (err, profile, id_token, access_token, state, refresh_token) {
  // store refresh_token
});

显然，access_tokens 可用于检索用户配置文件数据。但这似乎是特定于oauth，我认为auth0使用openid？

Apparently, access_tokens can be used to retrieve user profile data. But this appears to be specific to oauth, and I thought auth0 uses openid?

id_token 之间有什么区别？和 access_token ？

What is the difference between id_token and access_token?

推荐答案

OpenID Connect构建于OAuth2之上。

OpenID Connect is built on top of OAuth2.

• access_token 对于调用Auth0中的某些API很有用（例如 / userinfo ）或您在Auth0中定义的API。


• id_token 是< a href =http://jwt.io =noreferrer> JWT 并代表登录用户。它通常由您的应用使用。


• A refresh_token （仅供移动设备使用/桌面应用程序）不会过期（但可以撤销），它允许您获得刚刚铸造的 access_tokens 和 id_token 。

• An access_token is useful to call certain APIs in Auth0 (e.g. /userinfo) or an API you define in Auth0.
• An id_token is a JWT and represents the logged in user. It is often used by your app.
• A refresh_token (only to be used by a mobile/desktop app) doesn't expire (but is revokable) and it allows you to obtain freshly minted access_tokens and id_token.

这篇关于Auth0中id_token和access_token的区别是什么的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！