OAuth
Access Token and ID Token
- The ID token's payload contains information about the end user, such as email address, username, etc.
- The access token allows access to certain defined server resources
- Don’t use the ID token for authorization; you must NOT use an ID token to call the API
Access Token and Refresh Token
- For security purposes, an access token may be valid for only a short amount of time
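
An added example, not taken from the original notes: how an API can refuse an ID token presented as a bearer token and enforce the access token's short lifetime. It assumes both tokens are JWTs and that access tokens follow the RFC 9068 profile (typ "at+jwt", aud set to the API); API_AUDIENCE, KEY, NOW, mint and check_api_token are hypothetical names, and HS256 with an inline key stands in for verification against the authorization server's published keys.

```python
import base64, hashlib, hmac, json

API_AUDIENCE = "https://api.example.test"  # assumed identifier of this API
KEY = b"constructed-demo-key"  # constructed HS256 key; real servers verify with the issuer's published keys
NOW = 1_700_000_000  # constructed fixed clock so the demo is deterministic

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(header, claims):
    """Build a constructed HS256 JWT so the example runs offline."""
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def check_api_token(token, now):
    """Return 'ok', or the reason the API must refuse this bearer token."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(_unb64(head_b64)), json.loads(_unb64(body_b64))
        sig = _unb64(sig_b64)
    except ValueError:
        return "malformed"
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return "malformed"
    if header.get("alg") != "HS256":  # pin the algorithm instead of trusting the header
        return "bad-alg"
    expected = hmac.new(KEY, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return "bad-signature"
    # RFC 9068 access tokens declare typ "at+jwt"; an ID token does not.
    if str(header.get("typ", "")).lower() not in ("at+jwt", "application/at+jwt"):
        return "not-an-access-token"
    # An ID token's audience is the client; an access token's audience is the API.
    aud = claims.get("aud")
    if API_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        return "wrong-audience"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:  # short lifetime is enforced here
        return "expired"
    return "ok"

ID_TOKEN = mint({"alg": "HS256", "typ": "JWT"},
                {"sub": "u1", "email": "user@example.test", "aud": "demo-client-id", "exp": NOW + 300})
ACCESS_TOKEN = mint({"alg": "HS256", "typ": "at+jwt"},
                    {"sub": "u1", "aud": API_AUDIENCE, "scope": "read:items", "exp": NOW + 300})
```

The audience check is what still stops a correctly signed token issued for the client, even when its header has been labelled as an access token.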