Connected App Access Token Object

An Access Token is a credential used to access protected resources. An access token represents an authorization issued to a particular Connected App Client by a Stytch User. Access Tokens are issued by the Token Endpoint automatically at the end of every successful OAuth flow. Access Tokens embed the authorization granted to a Connected App Client within the scope field. Stytch supports the standard OpenID scopes: openid, profile, email, phone, and offline_access. Access tokens granted to Connected App clients are JWTs (JSON Web Tokens) signed by your Stytch project’s JWKS (JSON Web Key Set) using the RS256 algorithm. They can be validated locally by using a Stytch Backend SDK, or any library that supports the JWT protocol.

Fields

iss

string

The issuer of the token. By default, this is your project’s Custom Domain, or stytch.com/${projectId} if the token was retrieved using the stytch.com domain. See the Custom Domain guide for more information.

sub

string

The subject of the token. This is a unique identifier for the user.

aud

string

The audience (client_id) that the token is intended for. Additional custom audiences can be defined for the token by setting the access_token_custom_audience parameter on the client object.

exp

number

The expiration time of the token, expressed as a Unix timestamp.

nbf

number

The time before which the JWT must not be accepted for processing, expressed as a Unix timestamp.

iat

number

The time at which the token was issued, expressed as a Unix timestamp.

jti

string

A unique identifier for the JWT.

scope

string

A space separated list of scopes granted to the client. For example, read:users write:users.

​Fields

Fields