Access Token and ID Token

  • ID Token contains the payloads about the end user, such as email address, username, etc
  • Access Token is allow access to certain defined server resources
  • Don’t use ID token for authorization, must NOT use an ID token to call the API

Access Token and Refresh Token

  • For the security purpose, access token may be valid for a short amount of time