A token is used to make security decisions to authorize a user and to store tamper-proof information about a system entity.
Header. Consists of two parts: the type of token (JWT) and the hashing algorithm being used, such as SHA256
Payload. Contains the claims (the token data)
Signature. Consists of the encoded token header and the encoded payload signed with the Oracle Identity Cloud Service private key. The signature is used to verify that the sender of the JWT is who it says it is and ensures that the message wasn't changed along the way.
Oracle Identity Cloud Service supports three different tokens: identity token, access token, and client assertion.
Click a link below to access detailed information on each supported token: