Tokens

Owned by Kai Bjørnstad (Deactivated)
Last updated: Jul 04, 2019
1 min read

The OAuth2 specification introduces the Access Token and the Refresh Token. The primary extension that OpenID Connect makes to OAuth2 is to enable end-users to be authenticated is the ID Token.

Note that the Oauth2 specification does not define the format of the tokens, but introduces the introspect endpoint for retrieving meta information related to the tokens. OAuth2 considers the tokens opaque to the client.

OpenID Connect on the other hand, defines the basic token format for the ID Token. The ID Token can be extended using custom Claims.

Tokens issued by the Buypass OpenID Provider are described in more detailed here: