RapidIdentity Product Guide: New UI

Token Response

Assuming the token request is valid, the RapidIdentity server will return a response like this:

HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache

Note

Displayed values have been truncated here for formatting purposes, but the strings listed here should represent actual, usable values when generated in a production environment.

HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: 
    no-cache
{
  "access_token": "SlAV34hkKG",
  "token_type": "Bearer",
  "refresh_token": "8xLOxBtZp8",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzc [...]"
}

The ID Token is a JWT which can be plain, signed, encrypted or signed+encrypted. The claims in the ID token are based on the claims which have been configured for the client.

Once an Authorization Code has been exchanged for an Access/ID Token, that Authorization Code may not be used again in the future.

If it attempted to be used again, all Access tokens which have been issued by that Authorization Code will be invalidated.