Supported Tokens

A token is used to make security decisions to authorize a user and to store tamper-proof information about a system entity.

Oracle Identity Cloud Service supports JSON Web Tokens (JWT). A JWT is a JSON-based open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JSON Web Tokens consist of three parts separated by periods (xxxx.yyyy.zzzz):

• Header. Consists of two parts: the type of token (JWT) and the hashing algorithm being used, such as SHA256

• Payload. Contains the claims (the token data)

• Signature. Consists of the encoded token header and the encoded payload signed with the Oracle Identity Cloud Service private key. The signature is used to verify that the sender of the JWT is who it says it is and ensures that the message wasn't changed along the way.

Oracle Identity Cloud Service supports three different tokens: identity token, access token, and client assertion.

Click a link below to access detailed information on each supported token:

• Identity Token

• Access Token

• Client Assertion