M2M tokens
Frontegg supports two types of Machine-to-Machine (M2M) tokens for authentication: Client Credentials Tokens and Access Tokens. These tokens can be used in two contexts: as User Tokens or Tenant Tokens, depending on your application's requirements.
Token contexts
User tokens
User tokens are tied to individual users and include the following:
- The user context.
- The roles and permissions assigned to the user on the active account (tenant).
User tokens are ideal for user-specific operations and are automatically deleted when the associated user is removed from the system.
Tenant tokens
Tenant tokens are associated with an account (tenant) rather than a specific user. These tokens are useful for account-wide operations and their roles and permissions are defined by the scopes granted during token creation.
Token types
Client credentials tokens
Client Credentials Tokens can be used in both User and Tenant contexts for passwordless authentication methods, such as magic codes or links. Key features include:
- Time sensitivity: Tokens are valid for a limited period and are designed for short-term authentication.
- Refresh token rotation: Supports up to 100 active refresh tokens simultaneously, ensuring security by invalidating the oldest token upon the 101st refresh.
- Header usage: These credentials are exchanged for a bearer token, which is then passed in the `Authorization` header.
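To make the rotation rule above concrete, here is an added example (not Frontegg's code, and not taken from this page) that models a refresh-token store with a per-client cap on active tokens: issuing a token beyond the cap revokes the oldest one, and rotating a token consumes the presented token so that a replayed refresh is rejected. The cap of 100, the client identifier and the token format are assumptions for the demo.

```python
"""Model of refresh-token rotation with a cap on simultaneously active tokens.
Constructed illustration of the policy described above; not Frontegg's implementation."""
import secrets
from collections import OrderedDict
from typing import Dict, Optional


class RefreshTokenStore:
    def __init__(self, max_active: int = 100) -> None:
        # max_active = 100 mirrors the limit stated on the page (assumption: the cap is per client)
        self.max_active = max_active
        # client_id -> insertion-ordered map of active refresh tokens (oldest first)
        self._active: Dict[str, "OrderedDict[str, int]"] = {}
        self._seq = 0  # monotonically increasing issue counter, kept for auditing

    def issue(self, client_id: str) -> str:
        """Issue a new refresh token for the client.

        When the client now holds more than max_active tokens, the oldest
        ones are revoked so that at most max_active remain valid."""
        tokens = self._active.setdefault(client_id, OrderedDict())
        token = secrets.token_urlsafe(32)  # random, unguessable opaque token
        self._seq += 1
        tokens[token] = self._seq
        while len(tokens) > self.max_active:
            tokens.popitem(last=False)  # revoke the oldest active token
        return token

    def refresh(self, client_id: str, presented: str) -> Optional[str]:
        """Rotate a refresh token: the presented token is consumed and a new one issued.

        Returns None when the presented token is unknown or already revoked,
        which is how a replayed (already used) refresh token is detected."""
        tokens = self._active.get(client_id)
        if not tokens or presented not in tokens:
            return None
        del tokens[presented]
        return self.issue(client_id)

    def is_active(self, client_id: str, token: str) -> bool:
        return token in self._active.get(client_id, {})

    def active_count(self, client_id: str) -> int:
        return len(self._active.get(client_id, {}))


if __name__ == "__main__":
    store = RefreshTokenStore(max_active=3)
    first, *_ = [store.issue("client-a") for _ in range(3)]
    store.issue("client-a")  # fourth token: the first one is now revoked
    print("first token still active:", store.is_active("client-a", first))
```

A real service should also persist the revocation so that a stolen refresh token presented after rotation is rejected on every node, and should log the rejected replay as a signal worth investigating.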
Access tokens
Access Tokens are versatile and can also be used in both User and Tenant contexts. They are designed for longer-term authentication and role-based access control. Key features include:
- Flexible expiration: Tokens can be configured with specific validity periods to suit your application's requirements.
- Direct usage: These tokens are JWTs that can be used immediately without additional exchange processes.
- Header usage: These tokens are passed in the `X-API-KEY` header.
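The two header conventions above meet in the service that receives the request. The following added example (not Frontegg's code, and not taken from this page) shows a resource-server side check that accepts a token from either the `Authorization: Bearer` header or the `X-API-KEY` header, verifies the JWT signature and expiry, and resolves the token to either a user context or a tenant context. The signing algorithm (HS256 with a shared secret) and the claim names `type`, `sub`, `tenantId` and `permissions` are assumptions made for a self-contained demo; a production service should verify tokens against the issuer's published public key with a maintained JWT library.

```python
"""Resource-server token check accepting Authorization: Bearer or X-API-KEY.
Constructed illustration; HS256 and the claim names used here are assumptions."""
import base64
import hashlib
import hmac
import json
import time
from typing import Any, Dict, Optional

DEMO_SECRET = b"demo-secret-not-for-production"  # constructed shared secret


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: Dict[str, Any], secret: bytes = DEMO_SECRET) -> str:
    """Mint an HS256 JWT for the demo (stands in for the identity provider)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def extract_token(headers: Dict[str, str]) -> Optional[str]:
    """Pick the token from Authorization: Bearer <token> or X-API-KEY: <token>.

    Header names are matched case-insensitively, as HTTP requires."""
    lower = {k.lower(): v for k, v in headers.items()}
    auth = lower.get("authorization", "")
    if auth.lower().startswith("bearer "):
        return auth[7:].strip() or None
    return lower.get("x-api-key", "").strip() or None


def verify_jwt(token: str, secret: bytes = DEMO_SECRET,
               now: Optional[float] = None) -> Optional[Dict[str, Any]]:
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":  # pin the algorithm; never trust "none" or a swapped alg
        return None
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    current = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= current:
        return None  # missing or past expiry is rejected
    return claims


def authenticate(headers: Dict[str, str], secret: bytes = DEMO_SECRET,
                 now: Optional[float] = None) -> Optional[Dict[str, Any]]:
    """Resolve request headers to a principal: a user context or a tenant context."""
    token = extract_token(headers)
    if token is None:
        return None
    claims = verify_jwt(token, secret, now)
    if claims is None or "tenantId" not in claims:
        return None
    # Assumed claim layout: user tokens carry "type": "user" plus "sub"; tenant tokens carry "type": "tenant".
    if claims.get("type") == "user" and claims.get("sub"):
        context, user_id = "user", claims["sub"]
    elif claims.get("type") == "tenant":
        context, user_id = "tenant", None
    else:
        return None
    return {"context": context, "userId": user_id, "tenantId": claims["tenantId"],
            "permissions": list(claims.get("permissions", []))}


if __name__ == "__main__":
    now = time.time()
    tok = make_jwt({"sub": "user-1", "tenantId": "tenant-1", "type": "user",
                    "permissions": ["read"], "exp": now + 300})
    print(authenticate({"Authorization": f"Bearer {tok}"}))
```

The check refuses anything that is not an exact HS256 signature over the presented header and body, so a payload edited in transit (for example a widened `permissions` list) fails verification even though the original signature is still attached.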