docs/types/auth.SDK.TokenResponse-1.html
Security
Standardized token response structure for Auth0 authentication flows
Token Lifetime Management:
Cache tokens according to expires_in value
Rotate refresh tokens using offline_access scope
Revoke compromised tokens immediately
Store tokens in secure, encrypted storage
Never expose tokens in client-side code or logs
type TokenResponse = {
    access_token: string;
    refresh_token?: string;
    id_token: string;
    token_type?: string;
    expires_in: number;
    scope: string;
}
access_token: string
Bearer token for API authorization
refresh_token?: string (Optional)
Refresh token (requires offline_access scope)
id_token: string
JWT containing user identity claims
token_type?: string (Optional)
Typically "Bearer"
expires_in: number
Token validity in seconds (default: 86400)
scope: string
Granted permissions space
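
The caching and logging guidance above, as an added example that is not part of the SDK. `TokenCache`, `redactForLog`, `SECRET_FIELDS` and the 60-second expiry skew are hypothetical names and values chosen for illustration.

```typescript
// Added example, not SDK code. TokenCache, redactForLog and the 60 s skew
// are assumptions made for illustration.
type TokenResponse = {
  access_token: string;
  refresh_token?: string;
  id_token: string;
  token_type?: string;
  expires_in: number;
  scope: string;
};

const SECRET_FIELDS = ["access_token", "refresh_token", "id_token"] as const;

// Log-safe copy: token values are replaced, metadata is kept.
function redactForLog(t: TokenResponse): Record<string, string | number> {
  const out: Record<string, string | number> = { expires_in: t.expires_in, scope: t.scope };
  if (t.token_type !== undefined) out["token_type"] = t.token_type;
  for (const k of SECRET_FIELDS) {
    if (t[k] !== undefined) out[k] = "[REDACTED]";
  }
  return out;
}

class TokenCache {
  private entry: { token: TokenResponse; expiresAtMs: number } | undefined = undefined;
  private readonly skewMs: number;
  constructor(skewSeconds: number = 60) {
    this.skewMs = skewSeconds * 1000;
  }
  // expires_in is relative to issuance: convert to an absolute deadline on receipt.
  store(token: TokenResponse, nowMs: number = Date.now()): void {
    if (!isFinite(token.expires_in) || token.expires_in <= 0) {
      throw new Error("expires_in must be a positive number of seconds");
    }
    this.entry = { token, expiresAtMs: nowMs + token.expires_in * 1000 };
  }
  // Returns undefined once the token is inside the skew window, so the
  // caller refreshes instead of sending a token that is about to expire.
  getAccessToken(nowMs: number = Date.now()): string | undefined {
    if (!this.entry) return undefined;
    if (nowMs >= this.entry.expiresAtMs - this.skewMs) {
      this.entry = undefined; // drop the stale token from memory
      return undefined;
    }
    return this.entry.token.access_token;
  }
  // Local eviction only; revoking the token at the issuer is a separate call.
  clear(): void { this.entry = undefined; }
}
```

The cache holds the token in memory only; persisting it still needs the encrypted storage the list above calls for.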