Auth0中id_token和access_token的区别是什么 [英] What is the difference between id_token and access_token in Auth0
本文介绍了Auth0中id_token和access_token的区别是什么的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在Auth0中,您可以使用刷新令牌。在此链接中,我们可以看到许多返回的参数:
In Auth0 you can use refresh tokens. In this link, we can see many returned parameters:
lock.showSignin({
authParams: {
scope: 'openid offline_access'
}
}, function (err, profile, id_token, access_token, state, refresh_token) {
// store refresh_token
});
显然,access_tokens 可用于检索用户配置文件数据。但这似乎是特定于oauth,我认为auth0使用openid?
Apparently, access_tokens can be used to retrieve user profile data. But this appears to be specific to oauth, and I thought auth0 uses openid?
id_token
之间有什么区别?和 access_token
?
What is the difference between id_token
and access_token
?
推荐答案
OpenID Connect构建于OAuth2之上。
OpenID Connect is built on top of OAuth2.
-
access_token
对于调用Auth0中的某些API很有用(例如/ userinfo
)或您在Auth0中定义的API。 -
id_token
是< a href =http://jwt.io =noreferrer> JWT 并代表登录用户。它通常由您的应用使用。 - A
refresh_token
(仅供移动设备使用/桌面应用程序)不会过期(但可以撤销),它允许您获得刚刚铸造的access_tokens
和id_token
。
- An
access_token
is useful to call certain APIs in Auth0 (e.g./userinfo
) or an API you define in Auth0. - An
id_token
is a JWT and represents the logged in user. It is often used by your app. - A
refresh_token
(only to be used by a mobile/desktop app) doesn't expire (but is revokable) and it allows you to obtain freshly mintedaccess_tokens
andid_token
.
这篇关于Auth0中id_token和access_token的区别是什么的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文