Term · 25. Access Control — Additional Terms
Access Token AT
Definition
An access token (AT) is an OAuth or similar authorization artifact that represents the client’s delegated access rights to specific protected resources. It typically carries a scope, an audience and an expiry, and is presented to a resource server in place of the user’s credentials.[6][9] In modern implementations an access token is often encoded as a structured security token such as a JWT or a SAML assertion, but it may also be an opaque string whose semantics are understood only by the authorization server and the resource server.[4][8] In midPoint integrations, access tokens commonly take the form of JWT- or SAML-based bearer tokens used to authenticate API calls and to convey authorization claims between midPoint and external systems.[1][7]
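The checks a resource server must apply to a structured (JWT) access token before honouring it, as an added example that is not part of the glossary or of midPoint: it mints a constructed HS256 token and then verifies signature, audience, expiry and scope in that order. The shared secret, issuer, audience and scope values are assumptions for the example only.

```python
import base64, hashlib, hmac, json

# Constructed demo secret shared by the authorization server and the resource server
# (HS256). Assumption for the example only; real deployments publish asymmetric keys
# (JWKS) so a resource server can verify but never mint tokens.
SECRET = b"demo-shared-secret-not-for-production"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(claims: dict) -> str:
    """Authorization-server side: mint a compact JWS carrying the access-token claims."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "at+jwt"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def validate_token(token: str, expected_aud: str, required_scope: str, now: int) -> dict:
    """Resource-server side: verify the signature first, then audience, expiry and
    scope. Returns the claims, or raises ValueError naming the failed check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; never trust the token's alg
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")  # claims are untrusted until this passes
    claims = json.loads(b64url_decode(payload_b64))
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")  # token was issued for a different API
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    if required_scope not in claims.get("scope", "").split():
        raise ValueError("insufficient scope")
    return claims

def check_token(token: str, expected_aud: str, required_scope: str, now: int) -> str:
    """Convenience wrapper: 'accepted' or the name of the failing check."""
    try:
        validate_token(token, expected_aud, required_scope, now)
        return "accepted"
    except ValueError as exc:
        return str(exc)
```

Checking the signature before reading any claim is what keeps a tampered scope or audience from being honoured; the audience check is what stops a token minted for one API from being replayed against another.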
Related terms
- DPoP (Demonstration of Proof of Possession): Demonstration of Proof-of-Possession — IETF RFC 9449, OAuth 2.0 mechanism binding an access token to a private key held …
- Electronic Signature: An electronic signature is electronic data that is logically associated with other electronic data and used by a signato …
- FAPI 2.0 (Financial-grade API): OpenID Foundation Financial-grade API Security Profile 2.0 — high-security authorization profile for financial APIs (ope …
- Kerberos: Network authentication protocol developed at MIT (Kerberos v5: IETF RFC 4120, 2005) using symmetric-key cryptography and …
- mTLS (mutual TLS): Mutual TLS — both client and server authenticate each other via certificates during TLS handshake. RFC 8705 specifies OA …
- OAuth 2.1: IETF draft consolidating OAuth 2.0 (RFC 6749) with security best practices and deprecating insecure patterns: removes im …