Access Token

Overview#

Microsoft Windows Access Token#

A Microsoft Windows Access Token contains the security information for a logon session. The system creates an Access Token when a user logs on, and every process executed on behalf of the user has a copy of the Access Token.

The Microsoft Windows Access Token identifies the user, the user's groups, and the user's privileges. The system uses the Access Token for Access Control to Protected Resources and to control the ability of the user to perform various system-related operations on the local computer.

There are two kinds of Microsoft Windows Access Token:

The system uses an Access Token for Identification of the user when a thread interacts with a securable object or tries to perform a system task that requires privileges.

An Access Token contains the following information:

OAuth 2.0 Access Token#

In OAuth 2.0, an Access Token is a Long-lived Token issued to the OAuth Client by the Authorization Server.

The Access Token is used in the conversation between the OAuth Client and the Resource Server.

The Resource Owner is involved in the authorization decision.

The OAuth 2.0 Audience Information adds an additional "audience" parameter to the Access Token.

You may be wondering: Why Access Tokens?

Contents#

In OAuth 2.0, the type of the Access Token is not specified, other than that the Access Token is a Bearer Token.

In OpenID Connect, the type (typ) is specified in the Access Token:

{
  "alg": "RS256",
  "typ": "JWT"
}
.
{
  "iss": "https://example.auth0.com/",
  "aud": "https://api.example.com/calandar/v1/",
  "sub": "usr_123",
  "scope": "read write",
  "iat": 1458785796,
  "exp": 1458872196
}
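
Added example, not part of the original page: how a Resource Server could check a JWT Access Token like the one above before honouring it, verifying the RS256 signature and then the iss, aud, exp and scope claims. The key pair, the EXPECTED settings, the fixed "now" and the function names are constructed for the demonstration.

```javascript
const crypto = require('crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
// Constructed issuer key pair, standing in for the Authorization Server's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Claims copied from the page's sample payload.
const SAMPLE_CLAIMS = {
  iss: 'https://example.auth0.com/', aud: 'https://api.example.com/calandar/v1/',
  sub: 'usr_123', scope: 'read write', iat: 1458785796, exp: 1458872196,
};
// What this (hypothetical) Resource Server expects; "now" is fixed so the demo is repeatable.
const EXPECTED = {
  key: publicKey, issuer: 'https://example.auth0.com/',
  audience: 'https://api.example.com/calandar/v1/', scope: 'read', now: 1458790000,
};

// Issuer side: header.payload.signature, each part base64url-encoded.
function signToken(header, claims) {
  const input = b64u(JSON.stringify(header)) + '.' + b64u(JSON.stringify(claims));
  return input + '.' + b64u(crypto.sign('sha256', Buffer.from(input), privateKey));
}

// Resource Server side: returns the claims if acceptable, otherwise throws.
function validateAccessToken(token, { key, issuer, audience, scope, now }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm instead of trusting the header (rejects "none" and HS256).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const sigOk = crypto.verify('sha256', Buffer.from(h + '.' + p), key, Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  // Claims are only read after the signature has been verified.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || now >= claims.exp) throw new Error('expired');
  if (!String(claims.scope || '').split(' ').includes(scope)) throw new Error('insufficient scope');
  return claims;
}

function verdict(token, opts) {
  try { validateAccessToken(token, opts); return 'accepted'; } catch (e) { return e.message; }
}

console.log(verdict(signToken({ alg: 'RS256', typ: 'JWT' }, SAMPLE_CLAIMS), EXPECTED));
```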

OAuth Confidential Client, OAuth Public Client and access Token#

OAuth Confidential Clients authenticate to the Token_endpoint and not the Authorization_endpoint, whereas OAuth Public Clients obtain the Access Token from the Authorization_endpoint.

OAuth Parameters Registry for Access Token#
