Tagged articles

Access Token

41 articles · Page 1 of 1
Programmer XiaoFu
Programmer XiaoFu
Jun 17, 2026 · Information Security

Why JWT Requires Both Access and Refresh Tokens Instead of a Single Token

The article explains the inherent trade‑off of a single JWT’s expiration time, shows how using short‑lived Access Tokens together with long‑lived Refresh Tokens resolves both security and user‑experience issues, and provides detailed backend and frontend implementation guidance.

Access TokenJWTOAuth 2.0
0 likes · 11 min read
Why JWT Requires Both Access and Refresh Tokens Instead of a Single Token
Architect's Guide
Architect's Guide
Jun 7, 2026 · Information Security

A Complete Guide to Understanding OAuth 2.0

This article explains OAuth 2.0 by contrasting it with SSO, walks through a real‑world analogy, details the nine‑step authorization flow, defines key terms and roles, and describes how web servers, user agents, and native apps participate in the protocol.

API authenticationAccess TokenAuthorization
0 likes · 11 min read
A Complete Guide to Understanding OAuth 2.0
Coder Trainee
Coder Trainee
Feb 5, 2026 · Backend Development

How to Retrieve the access_token for a WeChat Mini Program

This article explains why a WeChat Mini Program needs an access_token, describes the token's 7200‑second validity, and provides a step‑by‑step Java implementation that builds the request URL, sends an HTTPS GET, parses the JSON response, and outlines a simple caching strategy.

API authenticationAccess TokenHTTPS GET
0 likes · 3 min read
How to Retrieve the access_token for a WeChat Mini Program
Senior Tony
Senior Tony
Jan 7, 2026 · Information Security

How to Implement Seamless Token Auto‑Renewal: Frontend Refresh, Sliding Window, and Double‑Token Strategies

Token expiration can be handled with three main strategies—frontend‑driven periodic refresh, backend sliding‑window renewal, and the industry‑standard double‑token (access + refresh) scheme—each balancing implementation simplicity, user experience, and security, with the double‑token approach offering the most robust solution.

Access TokenBackend DevelopmentToken
0 likes · 7 min read
How to Implement Seamless Token Auto‑Renewal: Frontend Refresh, Sliding Window, and Double‑Token Strategies
Rare Earth Juejin Tech Community
Rare Earth Juejin Tech Community
Sep 26, 2025 · Backend Development

Double Token Auth with Express & Vue: Complete Implementation Guide

This article explains the double token (Access and Refresh) authentication mechanism, detailing its core principles, security benefits, and step‑by‑step implementation with Express on the backend and Vue on the frontend, including token issuance, verification, rotation, middleware, and client‑side handling.

Access TokenExpressdouble token
0 likes · 17 min read
Double Token Auth with Express & Vue: Complete Implementation Guide
Volcano Engine Developer Services
Volcano Engine Developer Services
Aug 27, 2025 · Information Security

How Volcano Engine Secures MCP OAuth: Multi‑Layer Defense Against Token Theft

This article examines the OAuth security challenges in Volcano Engine's Model Context Protocol (MCP) ecosystem and outlines a comprehensive, three‑stage defense strategy—including pre‑authorization double confirmation, token identity isolation, and API‑level permission controls—to protect user assets and data.

Access TokenDefense in DepthMCP
0 likes · 13 min read
How Volcano Engine Secures MCP OAuth: Multi‑Layer Defense Against Token Theft
Top Architect
Top Architect
Dec 22, 2024 · Information Security

Understanding OAuth2.0: Principles, Architecture, and Implementation

This article provides a comprehensive overview of OAuth2.0, explaining its core concepts, the roles of resource owner, client, authorization server, and resource server, illustrating the full authorization flow with diagrams, clarifying related terminology such as authentication, delegation, and roles, and finally noting additional promotional material.

Access TokenAuthorizationOAuth2.0
0 likes · 14 min read
Understanding OAuth2.0: Principles, Architecture, and Implementation
php Courses
php Courses
Jun 28, 2023 · Backend Development

Integrating PHP with WeChat Work: Step-by-Step Guide

This guide explains how to integrate PHP with WeChat Work by registering a corporate account, creating an application, obtaining credentials, using PHP’s HTTP requests to acquire access tokens, and sending messages or retrieving user data, including a complete code example.

APIAccess TokenBackend Integration
0 likes · 4 min read
Integrating PHP with WeChat Work: Step-by-Step Guide
Top Architect
Top Architect
Jun 29, 2022 · Information Security

OAuth 2.0 Protocol Overview and Grant Types

This article provides a comprehensive introduction to the OAuth 2.0 protocol, covering its core concepts, authorization flow, four grant types (authorization code, implicit, resource owner password credentials, client credentials), request and response parameters, token handling, and practical examples with code snippets.

Access TokenAuthorizationGrant Types
0 likes · 22 min read
OAuth 2.0 Protocol Overview and Grant Types
Top Architect
Top Architect
Jun 18, 2022 · Information Security

OAuth 2.0 Protocol Overview and Authorization Flows

This article provides a comprehensive introduction to the OAuth 2.0 protocol, explaining its core concepts, the roles of resource owner, client, authorization server and resource server, and detailing the four grant types—authorization code, implicit, resource‑owner password credentials, and client credentials—along with token request/response formats and refresh token usage.

Access TokenAuthorizationGrant Types
0 likes · 23 min read
OAuth 2.0 Protocol Overview and Authorization Flows
IT Architects Alliance
IT Architects Alliance
Jun 18, 2022 · Information Security

OAuth 2.0 Overview: Core Concepts, Authorization Flows, and Grant Types

This article provides a comprehensive introduction to OAuth 2.0, covering its purpose, core roles, token types, four main grant flows (authorization code, implicit, resource‑owner password, client credentials), token refresh mechanisms, and practical request/response examples for developers.

Access TokenAuthorizationGrant Types
0 likes · 22 min read
OAuth 2.0 Overview: Core Concepts, Authorization Flows, and Grant Types
IT Architects Alliance
IT Architects Alliance
Mar 21, 2022 · Information Security

OAuth2 and JWT Based Security Authentication Design and Implementation Overview

This article provides a comprehensive overview of a token‑based security authentication system, covering terminology, development background, objectives, functional points, technology selection, OAuth2 grant types, JWT fundamentals, authentication flow, credential renewal, and interface design for unified access control across microservices.

Access TokenJWTinformation security
0 likes · 10 min read
OAuth2 and JWT Based Security Authentication Design and Implementation Overview
Architecture Digest
Architecture Digest
Feb 5, 2021 · Information Security

Token-Based Authentication Architecture Using OAuth2 and JWT

The article explains the design and implementation of a token‑based authentication system for micro‑services, covering terminology, business background, OAuth2 password‑grant flow, JWT usage, security advantages, functional modules, technical choices, detailed authentication workflow, and API design.

Access TokenJWTMicroservices
0 likes · 10 min read
Token-Based Authentication Architecture Using OAuth2 and JWT
21CTO
21CTO
Feb 2, 2021 · Information Security

JWT vs OAuth2: Which Authentication Method Is Right for Your API?

This article explains the fundamental differences between JSON Web Tokens (JWT) and OAuth2, outlines their structures, security considerations, implementation details, and compares their advantages, drawbacks, and suitable use cases to help developers choose the appropriate method for securing APIs.

API SecurityAccess TokenAuthorization
0 likes · 10 min read
JWT vs OAuth2: Which Authentication Method Is Right for Your API?
System Architect Go
System Architect Go
Jan 28, 2021 · Information Security

OAuth 2.0 Authorization Code and Implicit Grant Flows

This article explains the OAuth 2.0 protocol, describes its four grant types, focuses on the Authorization Code and Implicit flows, outlines the involved roles, token types, client registration steps, and provides detailed request‑response examples for both grant types.

Access TokenImplicit GrantOAuth 2.0
0 likes · 8 min read
OAuth 2.0 Authorization Code and Implicit Grant Flows
ITFLY8 Architecture Home
ITFLY8 Architecture Home
Nov 29, 2020 · Information Security

Designing a Multi‑Layer Token Authentication System for Secure Multi‑Client Apps

This article examines the classification, security attributes, and hierarchical design of various authentication tokens for multi‑client systems, offering a layered approach that balances usage cost, change cost, and privacy while outlining practical scenarios and implementation principles.

Access Tokenidentity verificationmulti-client
0 likes · 16 min read
Designing a Multi‑Layer Token Authentication System for Secure Multi‑Client Apps
Architect
Architect
Jul 18, 2020 · Information Security

Understanding OAuth 2.0: Scenarios, Flow, and Implementation Details

This article explains the concept of OAuth, its typical use cases such as third‑party login, the roles of user, service provider, and platform, and provides a step‑by‑step flow with code examples for obtaining authorization codes, access tokens, and user information.

Access TokenOAuthWeb Development
0 likes · 11 min read
Understanding OAuth 2.0: Scenarios, Flow, and Implementation Details
FunTester
FunTester
Jun 12, 2020 · Mobile Development

WeChat OAuth2.0 Mobile Application Login Integration Guide

This guide explains how to integrate WeChat OAuth2.0 login into Android and iOS mobile applications, covering preparation, authorization flow, API calls for access tokens and user info, phone‑number binding, re‑login handling, and test case recommendations.

APIAccess TokenAndroid
0 likes · 12 min read
WeChat OAuth2.0 Mobile Application Login Integration Guide
21CTO
21CTO
Jun 11, 2020 · Information Security

Understanding OAuth2: How Access Tokens Secure User Data

This guide walks developers through the OAuth2 workflow, illustrating how users, client applications, resource servers, and authorization servers interact via access tokens to securely protect and grant access to user data, and highlights the critical steps of token issuance and validation.

Access Tokenauthorization-serveroauth2
0 likes · 8 min read
Understanding OAuth2: How Access Tokens Secure User Data
Java Architecture Diary
Java Architecture Diary
Apr 7, 2020 · Information Security

Why OAuth2 Tokens Miss expires_in and How Spring Security Handles It

The article examines why the demo environment of pig4cloud returns an OAuth2 access token without the expires_in field, contrasts it with a local deployment, analyzes the Spring Security OAuth2 token generation code, and explains that according to the OAuth2 specification the expires_in parameter should be returned even for permanently valid tokens.

Access TokenSpring Securityexpires_in
0 likes · 4 min read
Why OAuth2 Tokens Miss expires_in and How Spring Security Handles It
FunTester
FunTester
Mar 14, 2020 · Mobile Development

WeChat OAuth2.0 Mobile Login Integration Guide

This guide explains how to integrate WeChat OAuth2.0 login into Android and iOS mobile applications, covering preparation, the authorization code flow, token exchange, user‑info retrieval, phone‑number binding, repeated login handling, and comprehensive test cases.

APIAccess TokenAndroid
0 likes · 11 min read
WeChat OAuth2.0 Mobile Login Integration Guide
Top Architect
Top Architect
Mar 2, 2020 · Information Security

Token-Based Authentication: Scenarios, Types, Comparison, and Hierarchical Structure

This article analyses various client scenarios in multi‑client systems, classifies authentication tokens into password, session, API, and other categories, compares them across usage cost, change cost, and security risks, and presents a hierarchical token model with detailed usage steps and practical considerations.

Access TokenSessionToken
0 likes · 12 min read
Token-Based Authentication: Scenarios, Types, Comparison, and Hierarchical Structure
Open Source Tech Hub
Open Source Tech Hub
Dec 11, 2019 · Information Security

Why Choose JWT? Mastering Access and Refresh Tokens for Secure APIs

This article explains why JWT has become the preferred method for session management in modern RESTful and SPA architectures, detailing the roles, lifecycles, and implementation steps of access_token and refresh_token, and providing concrete API examples for login and token renewal.

API authenticationAccess TokenJWT
0 likes · 6 min read
Why Choose JWT? Mastering Access and Refresh Tokens for Secure APIs
360 Quality & Efficiency
360 Quality & Efficiency
Aug 15, 2019 · Information Security

Understanding the OAuth Authorization Flow Using a WeChat Login Example

This article explains the OAuth authorization process, illustrating how a third‑party app like a WeChat‑based login requests user permission, obtains a code, exchanges it for an access token, and uses that token to access user data, while highlighting token expiration and business‑scenario applications.

Access TokenAuthorizationOAuth
0 likes · 4 min read
Understanding the OAuth Authorization Flow Using a WeChat Login Example
UC Tech Team
UC Tech Team
Nov 16, 2018 · Information Security

Understanding OAuth Authorization Flow and Grant Types

This article explains the OAuth protocol, its role in providing secure third‑party access to user resources, describes the overall authorization architecture, outlines the involved parties and step‑by‑step flow, and details the four main grant types along with token refresh mechanisms.

APIAccess TokenAuthorization
0 likes · 6 min read
Understanding OAuth Authorization Flow and Grant Types
Java Captain
Java Captain
Sep 26, 2018 · Artificial Intelligence

Step-by-Step Guide to Using Baidu OCR API with Java

This article provides a comprehensive Java tutorial for accessing Baidu's OCR service, covering prerequisite setup, Maven dependencies, token acquisition, image-to‑Base64 conversion, HTTP request construction, and performance observations for Chinese, English, and mixed‑language image recognition.

APIAccess TokenBaidu OCR
0 likes · 9 min read
Step-by-Step Guide to Using Baidu OCR API with Java
Java High-Performance Architecture
Java High-Performance Architecture
Oct 29, 2015 · Information Security

How OAuth2 Secures Third‑Party Access: A Complete Guide

OAuth2 provides a secure, open standard that lets third‑party applications obtain limited user access without exposing passwords, using a token‑based flow involving resource owners, clients, resource servers, and authorization servers, illustrated through a step‑by‑step authorization process.

APIAccess TokenAuthorization
0 likes · 4 min read
How OAuth2 Secures Third‑Party Access: A Complete Guide