...
Token Type | Usage | Expiration | Token Size (Estimated) |
---|---|---|---|
Access Token | A JWT token used to access protected resources. | 1 hr | 2kb - 4kb |
Refresh Token | An encrypted bearer token used to get another access token to extend the user session without interruption. (Not a JWT) | 30 days | 500b - 2kb |
ID Token | A JWT token containing data claims (fields) such as UAID. | No expiration | 500b - 1kb |
Best Practices
There is much debate surrounding OAuth 2.0 and the storage of tokens. The size and usage of each token give clues to how a client app should handle it.
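The following is an added example, not code from the original page or from the service it describes: a client-side helper that tells the JWT tokens apart from the opaque refresh token, reports each token's size, and decides when the access token should be renewed. It assumes the access token carries the standard `exp` claim from RFC 7519; the function names, the 60-second skew and the sample tokens are constructed for illustration.

```python
import base64
import json
import time


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_jwt(claims):
    # Constructed sample only: the third segment is a placeholder, not a real signature.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])


def describe_token(token, now=None):
    """Report size, shape and remaining lifetime for client-side bookkeeping.

    The signature is NOT verified here, so nothing returned may be used for
    an authorization decision; the resource server validates the token.
    """
    now = time.time() if now is None else now
    info = {"kind": "opaque", "size_bytes": len(token.encode()), "expires_in": None}
    parts = token.split(".")
    if len(parts) != 3:
        return info  # e.g. the refresh token: an encrypted string, never parsed
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return info
    if not isinstance(claims, dict):
        return info
    info["kind"] = "jwt"
    exp = claims.get("exp")  # assumed: standard RFC 7519 expiry claim
    if isinstance(exp, (int, float)):
        info["expires_in"] = int(exp - now)
    return info  # a JWT with no "exp" (the ID token above) keeps expires_in=None


def needs_refresh(token, now=None, skew=60):
    # Refresh slightly early so a request never goes out with a token about to lapse.
    remaining = describe_token(token, now)["expires_in"]
    return remaining is not None and remaining <= skew


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed clock value
    access = make_sample_jwt({"sub": "constructed-user", "exp": t0 + 3600})
    print(describe_token(access, t0), needs_refresh(access, t0 + 3590))
```
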
...