7 Ways an OAuth Access Token is like a Hotel Key Card

Learn 7 things OAuth 2.0 access tokens have in common with a hotel key card.

developer.okta.com

Stephan | Devoxx Belgium 2024: 7 - 11 Oct · Jun 6, 2019 · 10:01 AM UTC

Stephan | Devoxx Belgium 2024: 7 - 11 Oct

@Stephan007

6 Jun 2019

Nice write up! Question: if an authenticated user gets a new/extra role, does the server create a new JWT or is there a way to update the existing token?

Aaron Parecki · Jun 6, 2019 · 7:13 PM UTC

Aaron Parecki · Jun 6, 2019 · 7:13 PM UTC

Aaron Parecki @aaronpk

6 Jun 2019

Replying to @Stephan007 @mraible

if your access tokens are just a reference to a record in a database (the hotel key is just a number, and the doors look up access info in a central server), then you can update the roles in the existing token.

Jun 6, 2019 · 7:13 PM UTC