We use tokens to authenticate users and authorize requests without keeping session data on the server. A token is a piece of data that confirms a user’s identity and is analogous to a digital signature.
An access token (issued by an authorization server) allows temporary access to restricted resources such as APIs or websites. Generally, access tokens are valid for only a few minutes or hours, depending on the configured setting; the short lifetime safeguards the resource server.
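As an added example (not code from the original page), the Python below shows how a resource server can accept a short-lived access token without storing any session data: it only checks the signature and the expiry time. The token layout, the names `issue_token`, `verify_token` and `SECRET`, and the 300-second default lifetime are assumptions made for illustration, not a specific standard.

```python
import base64
import hashlib
import hmac
import json

# Assumed layout for this example: base64url(JSON claims) + "." + base64url(HMAC-SHA256 tag).
# Constructed demo key; a real authorization server loads its key from a secret store.
SECRET = b"constructed-demo-key-not-for-production"


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload: str) -> str:
    return b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())


def issue_token(user: str, now: int, ttl_seconds: int = 300) -> str:
    """Authorization-server side: sign the claims and keep no server-side record."""
    claims = {"sub": user, "iat": now, "exp": now + ttl_seconds}
    payload = b64(json.dumps(claims, sort_keys=True).encode())
    return payload + "." + sign(payload)


def verify_token(token: str, now: int):
    """Resource-server side: return the claims, or None if forged, malformed or expired."""
    payload, sep, signature = token.partition(".")
    if not sep:
        return None
    # Check the signature (constant-time) before parsing client-controlled data.
    if not hmac.compare_digest(signature.encode(), sign(payload).encode()):
        return None
    try:
        claims = json.loads(unb64(payload))
    except ValueError:
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return None
    if now >= claims["exp"]:
        return None  # lifetime over: the client must obtain a new token
    return claims
```

Passing `now` explicitly keeps the expiry check testable; a deployed verifier would pass `int(time.time())`.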