Token lifecycle

An access token should be used only once per request. This means the same token should not be usable for more than one request, which prevents impersonation attempts. The jti attribute uniquely identifies the token. It can be used to keep track of all the tokens and prevent them from being reused. To ensure that the access token can be used only once, an expiration is enforced on the token. This means the token is usable for ten minutes or less.
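The single-use rule described above, as an added example that is not code from the original page: a replay cache that remembers each jti until the token's exp passes and rejects any second use. It assumes the token's signature has already been verified and that one process handles all requests; the names JtiCache, ReplayError and MAX_LIFETIME are hypothetical.

```python
import threading
import time

MAX_LIFETIME = 600  # seconds; the ten-minute upper bound the text gives


class ReplayError(Exception):
    """Raised when a token is expired, too long-lived, or already used."""


class JtiCache:
    """Remembers each jti until its token expires, so a token works once."""

    def __init__(self, clock=time.time):
        self._seen = {}  # jti -> exp (epoch seconds)
        self._lock = threading.Lock()
        self._clock = clock  # injectable so expiry can be tested offline

    def check_and_store(self, claims):
        """Accept the claims of an already-verified token exactly once."""
        now = self._clock()
        jti, exp = claims.get("jti"), claims.get("exp")
        if not isinstance(jti, str) or not jti:
            raise ReplayError("missing jti")
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            raise ReplayError("missing exp")
        if exp <= now:
            raise ReplayError("expired")
        if exp - now > MAX_LIFETIME:
            raise ReplayError("lifetime exceeds ten minutes")
        with self._lock:
            # Expired entries are safe to drop: the exp check above
            # already rejects those tokens, so the cache stays bounded.
            for old in [j for j, e in self._seen.items() if e <= now]:
                del self._seen[old]
            # Check and insert under one lock so two concurrent
            # requests carrying the same token cannot both pass.
            if jti in self._seen:
                raise ReplayError("jti already used")
            self._seen[jti] = exp
        return True
```

With several server instances the dictionary would have to live in a shared store that offers an atomic insert-if-absent with a time-to-live.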