Auth0中的id_token和access_token有什么区别

2022-01-10 00:00:00 oauth jwt javascript auth0 openid

在 Auth0 中,您可以使用 刷新令牌.在这个链接中,我们可以看到很多返回的参数:

In Auth0 you can use refresh tokens. In this link, we can see many returned parameters:

lock.showSignin({
  authParams: {
    scope: 'openid offline_access'
  }
}, function (err, profile, id_token, access_token, state, refresh_token) {
  // store refresh_token
});

显然,access_tokens 可用于检索用户配置文件数据.但这似乎是oauth特有的,我认为auth0使用openid?

Apparently, access_tokens can be used to retrieve user profile data. But this appears to be specific to oauth, and I thought auth0 uses openid?

id_tokenaccess_token有什么区别?

推荐答案

OpenID Connect 建立在 OAuth2 之上.

OpenID Connect is built on top of OAuth2.

  • access_token 可用于调用 Auth0 中的某些 API(例如 /userinfo)或您在 Auth0 中定义的 API.
  • id_token 是 JWT,代表登录用户.您的应用程序经常使用它.
  • refresh_token(仅供移动/桌面应用程序使用)不会过期(但可撤销),它允许您获得新铸造的 access_tokensid_token.
  • An access_token is useful to call certain APIs in Auth0 (e.g. /userinfo) or an API you define in Auth0.
  • An id_token is a JWT and represents the logged in user. It is often used by your app.
  • A refresh_token (only to be used by a mobile/desktop app) doesn't expire (but is revokable) and it allows you to obtain freshly minted access_tokens and id_token.

相关文章