Overview
This article explains the format of Refresh Tokens. While documentation specifies that ID Tokens and Access Tokens are JSON Web Tokens (JWTs), the format for Refresh Tokens is not explicitly detailed.
Applies To
- Refresh tokens
Solution
Refresh Tokens issued by Auth0 are in an opaque format for security purposes.
- Client applications cannot decode or inspect them.
- This design enhances the security of the token.