What is the difference between id_token and access_token in Auth0

问题

In Auth0 you can use refresh tokens. In this link, we can see many returned parameters:

lock.showSignin({
  authParams: {
    scope: 'openid offline_access'
  }
}, function (err, profile, id_token, access_token, state, refresh_token) {
  // store refresh_token
});

Apparently, access_tokens can be used to retrieve user profile data. But this appears to be specific to oauth, and I thought auth0 uses openid?

What is the difference between id_token and access_token?

回答1:

OpenID Connect is built on top of OAuth2.

An access_token is useful to call certain APIs in Auth0 (e.g. /userinfo) or an API you define in Auth0.
An id_token is a JWT and represents the logged in user. It is often used by your app.
A refresh_token (only to be used by a mobile/desktop app) doesn't expire (but is revokable) and it allows you to obtain freshly minted access_tokens and id_token.

来源：https://stackoverflow.com/questions/31495063/what-is-the-difference-between-id-token-and-access-token-in-auth0

标签

javascript

oauth

openid

jwt

auth0

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!