Token Authentication With OAuth & JWT

Stormpath handles token-based authentication and securely manages access to your API using JSON Web Tokens and the OAuth2 Protocol. Generate, manage, check, and revoke OAuth tokens and API Keys - without any custom OAuth code.

Client-side tokens allow you to authenticate users in a unified and secure way, without needing to store user state on the server. Its a great tool for developers building stateless, scalable applications and services, without compromising security.

Stormpath OAuth 2.0 Token Supports:

  • Client-side Token authentication for frameworks like Angular.js
  • Token authentication for web apps
  • Social authentication (Facebook, Google, etc.)
  • Token authentication against OAuth2 compliant endpoints
  • API Authentication and key management

Why Use Stormpath for Token Management?

Issue and revoke refresh and access tokens easily – Full CRUD for your API Keys and OAuth Tokens

Manage authorization with Stormpath built-in groups and customData – Users can use password, token or API key-based auth

Read the Guide

Oauth 2.0 Support

Stormpath Token Authentication uses the OAuth2 protocol and supports common OAuth grant types:

  1. Password Grant Type: get an Access Token based on a login and password
  2. Refresh Grant Type: generate another Access Token based on a special Refresh Token
  3. Client Credentials Grant Type: exchange an API Key for the Access Token (via our API Key Management feature)

Read the Stormpath Guide to OAuth2 Token Management

API Authentication with Stormpath:

Use Stormpath to authenticate, authorize and manage API Keys and Tokens for Developers using your API services.

  • Provision new developer accounts with API keys & secrets
  • Authenticate API requests with HTTP Basic, OAuth1.0 or OAuth2.0
  • Create, refresh and revoke developer keys and tokens
  • Assign developers OAuth1.0 tokens to interact with your API service

Read the Stormpath Guide to API Authentication and Key Management