Supported Tokens

A token is used to make security decisions to authorize a user and to store tamper-proof information about a system entity in an identity domain.

Identity domains support JSON Web Tokens (JWT). A JWT is a JSON-based open standard (RFC 7519) that defines a compact and self-contained way for securely sending information between parties as a JSON object. This information can be verified and trusted because it's digitally signed. JSON Web Tokens consist of three parts separated by periods (xxxx.yyyy.zzzz):

  • Header. Consists of two parts: the type of token (JWT) and the hashing algorithm being used, such as SHA256.

  • Payload. Contains the claims (the token data).

  • Signature. Consists of the encoded token header and the encoded payload signed with the identity domain private key. The signature is used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.
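
The three-part structure and the signature check described above, as an added example that is not identity domain code. It assumes the RS256 algorithm (RSA with SHA-256); the key is a constructed toy key that is not secure, and all function names and claims are hypothetical.

```python
import base64, hashlib, json

# Constructed toy RSA key from two Mersenne primes: demo only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # stands in for the identity domain private key
K = (N.bit_length() + 7) // 8      # modulus length in bytes
# DER prefix of the SHA-256 DigestInfo (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encoded_message(signing_input):
    # EMSA-PKCS1-v1_5 encoding of SHA-256(signing_input), as used by RS256
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(header, payload):
    # Issuer side: sign base64url(header) + "." + base64url(payload)
    head = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(payload).encode())
    em = int.from_bytes(encoded_message(head.encode()), "big")
    return head + "." + b64url(pow(em, D, N).to_bytes(K, "big"))

def verify(token):
    # Consumer side: return the claims, or raise ValueError
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWT has exactly three parts")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "RS256":  # pin the algorithm; reject "none" and others
        raise ValueError("unexpected alg")
    sig = int.from_bytes(b64url_decode(parts[2]), "big")
    expected = encoded_message((parts[0] + "." + parts[1]).encode())
    if sig >= N or pow(sig, E, N).to_bytes(K, "big") != expected:
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(parts[1]))

def tamper(token, **changes):
    # Rewrite claims but keep the original signature
    head, body, sig = token.split(".")
    claims = {**json.loads(b64url_decode(body)), **changes}
    return ".".join([head, b64url(json.dumps(claims).encode()), sig])

TOKEN = sign({"alg": "RS256", "typ": "JWT"}, {"sub": "alice", "scope": "read"})
```

verify(TOKEN) returns the original claims, while verify(tamper(TOKEN, scope="admin")) raises ValueError because the signature no longer matches the header and payload.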

Identity domains support three different tokens: identity token, access token, and client assertion.
