What Is Token-Based Authentication?

Token-based authentication is a protocol that lets users verify their identity and receive a unique access token in return. For the life of the token, users can access the website or app the token was issued for without re-entering credentials each time they return to the same webpage, app, or any other resource protected with that same token.

Auth tokens work like a stamped ticket. The user retains access as long as the token remains valid. Once the user logs out or quits an app, the token is invalidated.
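The lifecycle described above (verify credentials once, issue a token, honour it until it expires or the user logs out), as an added example that is not from the original article or any vendor's code. The 15-minute lifetime, the in-memory tables, the function names and the demo user are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 900  # assumed lifetime; the article does not specify one
_SALT = secrets.token_bytes(16)
# Constructed demo credential store: username -> (salt, PBKDF2 password hash).
_USERS = {"alice": (_SALT, hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000))}
# Server-side token table: SHA-256(token) -> (username, expiry). Only digests are stored.
_TOKENS = {}


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def login(username, password, now=None):
    """Verify credentials once and return a fresh random token, or None on failure."""
    now = time.time() if now is None else now
    record = _USERS.get(username)
    if record is None:
        return None
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    if not hmac.compare_digest(candidate, stored):  # constant-time comparison
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _TOKENS[_digest(token)] = (username, now + TOKEN_TTL_SECONDS)
    return token


def authenticate(token, now=None):
    """Return the username for a valid token; None if unknown, expired or revoked."""
    now = time.time() if now is None else now
    key = _digest(token)
    entry = _TOKENS.get(key)
    if entry is None:
        return None
    username, expires_at = entry
    if now >= expires_at:
        del _TOKENS[key]  # drop expired tokens so they cannot be replayed
        return None
    return username


def logout(token):
    """Invalidate the token immediately; returns True if it was still active."""
    return _TOKENS.pop(_digest(token), None) is not None
```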

Token-based authentication is different from traditional password-based or server-based authentication techniques. Tokens offer a second layer of security, and administrators have detailed control over each action and transaction.

But using tokens requires a bit of coding know-how. Most developers pick up the techniques quickly, but there is a learning curve.

Let's dig in, so you can determine if tokens are right for you and your organisation. 

A History of Authentication Tokens

Authentication and authorisation are different but related concepts. Before we had authentication tokens, we had passwords and servers. We used traditional methods to ensure that the right people had access to the right things at the right time. It wasn't always effective.

Consider passwords. Typically, they involve:

  • User generation. Someone comes up with a combination of letters, numbers, and symbols.
  • Memory. The