4

I have got a React application and also a backend API server, which are hosted separately. I use Cognito for authentication. When the user signs in, I receive 3 tokens: ID token, access token and refresh token.

I have read that the ID token is used for authentication while the access token is used for authorisation.

I am a bit confused about which token (ID token or access token) I should use when making API requests to the API server.

1
  • Please see this also Commented Mar 25, 2019 at 13:34

1 Answer

3

You should use the access token. It is for authorization. When you check whether a user has rights to access a resource, that is authorization.

Authentication checks the user identity, so it gives you the answer to the question: is this really that user?

These terms should sink in, so read it here once more: Authentication versus Authorization
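
What this advice looks like on the API server, as an added example that is not part of the original answer: the server verifies the token signature and then rejects anything whose Cognito `token_use` claim is not `access`. It assumes a Node.js backend; the issuer, client ID and locally generated key pair are constructed placeholders, and a real server would instead select the signing key by `kid` from the user pool's JWKS endpoint.

```javascript
const crypto = require('node:crypto');

// Constructed placeholders, not real user pool values.
const ISSUER = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE';
const CLIENT_ID = 'example-app-client-id';

const b64url = (v) => Buffer.from(v).toString('base64url');

// Verify an RS256 JWT against a public key, then enforce access-token claims.
function verifyAccessToken(token, publicKey, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const signed = Buffer.from(`${h}.${p}`);
  const ok = crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== ISSUER) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  // Cognito marks each token's purpose in token_use: "access" or "id".
  if (claims.token_use !== 'access') throw new Error('not an access token');
  // Access tokens carry client_id; ID tokens carry aud instead.
  if (claims.client_id !== CLIENT_ID) throw new Error('wrong client');
  return claims;
}

// Constructed fixture: a local key pair stands in for the pool's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSample(claims) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const data = `${head}.${b64url(JSON.stringify(claims))}`;
  return `${data}.${crypto.sign('RSA-SHA256', Buffer.from(data), privateKey).toString('base64url')}`;
}
// Returns 'accepted' or the reason the token was rejected.
function tryVerify(token) {
  try { verifyAccessToken(token, publicKey); return 'accepted'; } catch (e) { return e.message; }
}

const exp = Math.floor(Date.now() / 1000) + 3600;
const accessToken = signSample({ iss: ISSUER, exp, token_use: 'access', client_id: CLIENT_ID, scope: 'openid' });
const idToken = signSample({ iss: ISSUER, exp, token_use: 'id', aud: CLIENT_ID, email: 'user@example.com' });

console.log('access token:', tryVerify(accessToken));
console.log('id token:', tryVerify(idToken));
```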
