grantToken
A grantToken is a type of authorization credential used in access control systems to represent a granted permission to access a resource or perform an action. Unlike a user identity token, which asserts who a subject is, a grantToken encodes what the subject is allowed to do. It is issued by an authorization server after a successful authorization request and is presented to a resource server, which validates it before allowing the access.
Typically a grantToken carries claims such as allowed scopes, target resource identifiers, and an expiration time.
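The issue-and-validate flow described above, as an added example that is not part of the original page. The token format (JSON claims signed with HMAC-SHA256 under a key shared by both servers), the claim names and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumed format (not from the page): base64url(JSON claims) + "." + base64url(HMAC-SHA256)

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_grant_token(key, scopes, resource, ttl, now=None):
    """Authorization-server side: sign what the subject is allowed to do."""
    now = int(time.time()) if now is None else now
    claims = {"scopes": sorted(scopes), "resource": resource, "exp": now + ttl}
    body = b64e(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64e(mac)

def check_grant_token(key, token, needed_scope, resource, now=None):
    """Resource-server side: return (allowed, reason)."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        given = b64d(sig)
    except (ValueError, TypeError):
        return False, "malformed"
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    # Verify integrity before trusting any claim; compare in constant time.
    if not hmac.compare_digest(given, expected):
        return False, "bad signature"
    claims = json.loads(b64d(body))
    if now >= claims["exp"]:
        return False, "expired"
    if claims["resource"] != resource:
        return False, "wrong resource"
    if needed_scope not in claims["scopes"]:
        return False, "scope not granted"
    return True, "ok"

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    tok = issue_grant_token(key, ["read"], "doc/42", ttl=300)
    print(check_grant_token(key, tok, "read", "doc/42"))
    print(check_grant_token(key, tok, "write", "doc/42"))
```

The resource server rejects the token on the first failed check, so a valid signature alone never grants access to a different resource or an ungranted scope.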
Lifecycle: grantTokens are usually short-lived and can be renewed or exchanged for another token via a separate
Security and best practices: protect grantTokens in transit and at rest, prefer HTTPS and secure storage, minimize