Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Tokens

Clients receive tokens from the authorization server and present them to resource servers to access protected resources. Tokens are created in response to a grant request made to the /token endpoint.

There are two types of tokens, access tokens and refresh tokens. An access token is the basic unit of identity and permission delegation. They are typically short-lived and are presented to resource servers by clients. A refresh token is a long-lived, single-use token which can be traded with the authorization server for a new access token and refresh token.

Most clients do not need to understand the contents of tokens and should treat them as opaque values.

Tip

In most cases, clients should call /iracing/profile to get information about the user.