which token type use in identity server 4?

Question

In Identity server 4 there is two token type

Access token
Reference token

what is the difference between access token and a reference token?

which time to use the access token and which time to use the reference token?

I want to restrict the multi-login of user, which token suits?

Does this answer your question? [Why Does OAuth v2 Have Both Access and Refresh Tokens?](https://stackoverflow.com/questions/3487991/why-does-oauth-v2-have-both-access-and-refresh-tokens) — AndrewSilver, Nov 11 '21 at 17:38

score 0 · Answer 1 · answered Nov 12 '21 at 16:03

If you use reference tokens, then the token is just a random string and the receiver of the token uses the reference token to ask IdentityServer about the details that this token refer to.

When you use a JWT token, the token itself contains all the details about who issued it, who is it for and additional claims about the owner of the token.

There are various pros/cons with using either token format.

If I am not mistaken, if you want to use AddJwtBearer in your API to handle tokens, then you must use the JWT format. because it does not support reference tokens.

See this page for more details.

which token type use in identity server 4?

1 Answers1