Token
A random string generated by PageSeeder and used for authentication or authorization depending on the type of token used.
Access token
Access tokens are issued for OAuth clients on behalf of a member, to access their account through the API. The OAuth client configuration determines which OAuth authorization flow clients can use to get an access token as well as how long the token is valid for.
Built-in security tokens
Security tokens are always associated with a specific user account.
Type | Purpose | Default lifetime |
---|---|---|
remember-me | Remember me cookie used for sign-in | 90 days |
activate-member | Account activation | 2 days |
change-email | Change of email address | 12 hours |
reset-password | Reset password flow | 12 hours |
End users can list and revoke any persistent tokens associated with them from their security settings and password page.
The expiration of security tokens can be configured in the organization config. For example:
<security>
  <token type="activate-member" expiration="P90D" />
  <token type="reset-password" expiration="P2DT12H" />
</security>
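One way to review such overrides, as an added example that is not PageSeeder code: the script parses a `<security>` fragment and reports token types whose configured lifetime exceeds the default from the table above. It assumes `expiration` values use only the day/time form of ISO 8601 durations seen in the example; `parse_duration` and `audit_token_config` are illustrative names.

```python
import re
import xml.etree.ElementTree as ET
from datetime import timedelta

# Default lifetimes, copied from the built-in security tokens table.
DEFAULTS = {
    "remember-me": timedelta(days=90),
    "activate-member": timedelta(days=2),
    "change-email": timedelta(hours=12),
    "reset-password": timedelta(hours=12),
}

# Assumption: only the day/time subset of ISO 8601 durations (PnDTnHnMnS).
_DURATION = re.compile(
    r"P(?:(?P<d>\d+)D)?(?:T(?:(?P<h>\d+)H)?(?:(?P<m>\d+)M)?(?:(?P<s>\d+)S)?)?"
)


def parse_duration(text):
    """Convert a duration such as 'P2DT12H' into a timedelta."""
    match = _DURATION.fullmatch(text.strip())
    if not match or not any(match.groupdict().values()):
        raise ValueError(f"unsupported duration: {text!r}")
    d, h, m, s = (int(v or 0) for v in match.group("d", "h", "m", "s"))
    return timedelta(days=d, hours=h, minutes=m, seconds=s)


def audit_token_config(xml_text):
    """Return (type, configured, default) for tokens that outlive their default."""
    findings = []
    for token in ET.fromstring(xml_text).iter("token"):
        kind = token.get("type")
        configured = parse_duration(token.get("expiration", ""))
        default = DEFAULTS.get(kind)
        if default is not None and configured > default:
            findings.append((kind, configured, default))
    return findings


# The configuration fragment from the example above.
SAMPLE = """<security>
  <token type="activate-member" expiration="P90D" />
  <token type="reset-password" expiration="P2DT12H" />
</security>"""

if __name__ == "__main__":
    for kind, configured, default in audit_token_config(SAMPLE):
        print(f"{kind}: configured {configured}, default {default}")
```

Both overrides in the example are reported: the activation token is extended from 2 days to 90, and the reset-password token from 12 hours to 2 days 12 hours.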
Other types of token
- Authorization codes – special types of tokens that are short-lived and single-use.
- ID Token – carries identity information about a user.