This chapter covers
- The purpose of access tokens
- How tokens are issued and validated in an OAuth 2 system
- The roles involved in an OAuth 2/OpenID Connect system
Suppose you work for a large organization and use several tools in your daily work. You use bug tracker apps, apps for documenting your work, apps for registering your time, and so on. In each one, you need to authenticate before you can work with it. Would you use a different set of credentials for each of these apps? Of course, that could work, but it would be cumbersome for the user (you), and it would also add complexity to the apps you work with.
For you, the complexity comes from the fact that you’d have to remember the credentials and log in several times in each of the apps you use. For the apps, the added complexity comes from the fact that they’d also need to implement the capability of persisting and protecting the credentials and the actual authentication.