A random string generated by PageSeeder and used for authentication or authorization depending on the type of token used.
Access tokens are issued for OAuth clients on behalf of a member to access their account through the API. The OAuth client configuration determines which OAuth authorization flow clients can use to get an access token as well as how long the token is valid for.
Built-in security tokens
Security tokens are always associated with a specific user account.
|Token use|Expiration|
|---|---|
|Remember me cookie used for sign-in|90 days|
|Account activation|2 days|
|Change of email address|12 hours|
|Reset password flow|12 hours|
End users can list and revoke any persistent tokens associated with them from their security settings page.
The expiration of security tokens can be configured in the organization config. For example:
```xml
<security>
  <token type="activate-member" expiration="P90D" />
  <token type="reset-password" expiration="P2DT12H" />
</security>
```
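The following is an added example, not PageSeeder's own code: a small audit script that reads a `<security>` fragment like the one above, converts the ISO 8601 duration values to `timedelta`, and reports token types configured to live longer than the lifetimes listed in the table. The mapping of `activate-member` and `reset-password` to the "Account activation" and "Reset password flow" rows is an assumption, as are the function names.

```python
import re
import xml.etree.ElementTree as ET
from datetime import timedelta

# Lifetimes from the table on this page. Mapping the two type names that
# appear in the page's sample config onto table rows is an assumption.
DEFAULTS = {
    "activate-member": timedelta(days=2),
    "reset-password": timedelta(hours=12),
}

# Day/time subset of ISO 8601 durations (PnDTnHnMnS). Years, months and
# weeks are rejected because this sketch does not handle them.
_DURATION = re.compile(
    r"^P(?:(?P<days>\d+)D)?"
    r"(?:T(?:(?P<hours>\d+)H)?(?:(?P<minutes>\d+)M)?(?:(?P<seconds>\d+)S)?)?$"
)

def parse_duration(text):
    """Convert a duration such as 'P2DT12H' to a timedelta."""
    match = _DURATION.match(text.strip())
    if not match or not any(match.groupdict().values()):
        raise ValueError(f"unsupported duration: {text!r}")
    parts = {k: int(v) for k, v in match.groupdict().items() if v}
    return timedelta(**parts)

def audit_token_config(xml_text):
    """Return (type, configured, listed) for tokens that outlive the listed value."""
    findings = []
    for token in ET.fromstring(xml_text).iter("token"):
        kind = token.get("type")
        configured = parse_duration(token.get("expiration", ""))
        listed = DEFAULTS.get(kind)
        if listed is not None and configured > listed:
            findings.append((kind, configured, listed))
    return findings

# The sample fragment from this page.
SAMPLE = """<security>
  <token type="activate-member" expiration="P90D" />
  <token type="reset-password" expiration="P2DT12H" />
</security>"""

if __name__ == "__main__":
    for kind, configured, listed in audit_token_config(SAMPLE):
        print(f"{kind}: configured {configured}, table lists {listed}")
```

Run against the sample fragment, both entries are reported, since 90 days and 2 days 12 hours each exceed the corresponding table value.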
Other types of token
- Authorization codes – special types of token that are short-lived and single-use.
- ID tokens – carry identity information about a user.