Token types
This page describes the types of tokens issued by Mosaic, how to obtain them, and other usage details.
| Tokens | Used to | Obtained | Consumed by | Default TTL |
|---|---|---|---|---|
| ID tokens | Identify users and get their profile data | Returned upon user authentication | App | 1 hour |
| User access tokens | Grant user access to your app or authorize Mosaic actions that require a logged-in user | Returned upon user authentication | App and Mosaic | 1 hour |
| Client access tokens | Authorize app-level management actions (magic link auth, updating user profiles, etc.) | Generated using end-user app client credentials | Mosaic | 1 hour |
| Admin access tokens | Authorize backend services to perform tenant-level management actions (retrieving all users, etc.) | Generated using management app client credentials | Mosaic | 1 hour |
| Refresh tokens | Renew expired tokens for offline access | Returned upon user authentication | Mosaic | 14 days |
| Reset tokens | Reset passwords | Returned when user authenticates for a reset flow | Mosaic | 5 min |