Tokens

After successful sign-in, Identity issues:

  • id_token
  • access_token
  • refresh_token

ELI5: what this means

Think of these as three different passes:

  • id_token: your name badge ("who am I?").
  • access_token: your short-lived door pass ("can I access this now?").
  • refresh_token: your renewal slip ("give me a new door pass without signing in again").

If you lose any of them, treat it like losing a key card.

Handling guidance

  • Treat all tokens as secrets.
  • Keep refresh tokens in secure storage only.
  • Use short access-token TTL with refresh.
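
One way a client can follow this guidance, as an added example that is not taken from Identity's own code: the access token lives only in memory and is renewed shortly before it expires, the refresh token is read and written only through a storage object, and neither appears in the object's `repr`. `TokenSession`, `InMemoryStore`, `refresh_fn` and the 300-second TTL are assumptions made for illustration; `refresh_fn` stands in for the real token endpoint call.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple


class InMemoryStore:
    """Constructed stand-in for secure storage (OS keychain, KMS). Demo only."""
    def __init__(self, value: str):
        self._value = value
    def get(self) -> str:
        return self._value
    def put(self, value: str) -> None:
        self._value = value


@dataclass
class TokenSession:
    # refresh_fn is a hypothetical stand-in for the token endpoint call:
    # refresh_token -> (access_token, ttl_seconds, rotated_refresh_token or None)
    refresh_fn: Callable[[str], Tuple[str, float, Optional[str]]]
    store: InMemoryStore = field(repr=False)
    skew: float = 30.0  # renew this many seconds before expiry
    clock: Callable[[], float] = time.monotonic
    _access: str = field(default="", repr=False)  # memory only, kept out of repr
    _expires_at: float = field(default=0.0, repr=False)

    def access_token(self) -> str:
        """Return a usable access token, renewing it when close to expiry."""
        if not self._access or self.clock() >= self._expires_at - self.skew:
            access, ttl, rotated = self.refresh_fn(self.store.get())
            if rotated:  # refresh token was rotated: persist via the store only
                self.store.put(rotated)
            self._access, self._expires_at = access, self.clock() + ttl
        return self._access


def demo():
    """Constructed run: 300 s access tokens, refresh token rotated on each use."""
    now, used = [0.0], []
    def fake_refresh(rt):
        used.append(rt)
        return f"access-{len(used)}", 300.0, f"refresh-{len(used) + 1}"
    s = TokenSession(fake_refresh, InMemoryStore("refresh-1"), clock=lambda: now[0])
    seen = []
    for t in (0.0, 100.0, 280.0):  # 280 s falls inside the 30 s renewal window
        now[0] = t
        seen.append(s.access_token())
    return seen, used, repr(s)
```

In real use, replace `InMemoryStore` with a wrapper around the platform's secure storage and keep the same `get`/`put` shape.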