An Access Token is a credential that can be used by an application to access an API. Access Tokens can be either an opaque string or a JSON web token. They inform the API that the bearer of the token has been authorized to access the API and perform specific actions specified by the scope that has been granted.
Access Tokens should be used as a Bearer credential and transmitted in an HTTP Authorization header to the API.
Depending on how your application needs to use the Access Token, you can:
- Get Access Tokens using any OAuth 2.0-compatible library or you can use one of Auth0's libraries that work with Auth0 endpoints.
- Use Access Tokens either in server-to-server or custom API interactions.
- Add Custom Claims using Rules.
- Set Access Token lifetime.
Access Tokens come in two formats: opaque strings and JSON Web Tokens (JWTs).