A random string generated by PageSeeder and used for authentication or authorization depending on the type of token used.
Access tokens are issued for OAuth clients on behalf of a member, to access their account through the API. The OAuth client configuration determines which OAuth authorization flow clients can use to get an access token as well as how long the token is valid for.
Built-in security tokens
Security tokens are always associated with a specific user account.
|Remember me cookie used for sign-in
|Change of email address
|Reset password flow
End users can list and revoke any persistent tokens associated with them from their security settings and password page.
The expiration of security tokens can be configured in the organization config. For example:
<security> <token type="activate-member" expiration="P90D" /> <token type="reset-password" expiration="P2DT12H" /> </security>
Other types of token
- Authorization codes – are special types of tokens that are short-lived and single-use.
- ID Token – carries identity information about a user.