Token types

A number of different token types are available.

Table 1. Token types
Token type Description
Password reset Used for resetting password in Self Service applications.
  • ID. passwordResetToken.
  • Default expiry. 1800 seconds
Account claiming Used to start the Self Service account claim function. The identity must be verified by a trusted source before a token of this type is generated.
  • ID. accountClaimingToken.
  • Default expiry. 1800 seconds.
Session verification Used to establish a session for a previously authenticated user. The user must be authenticated by a Cloud Identity Portal API before a token of this type is generated.
  • ID. sessionVerificationToken.
  • Default expiry. 120 seconds.
Federation context Used to insert claim data into an identity assertion that is generated or otherwise not stored in LDAP.
  • ID. federationContextToken.
  • Default expiry. 30 seconds.
  • The session ID attribute user_session_id of the user must be passed in extensionData on creation of this token type, for example:
    • {"user_session_id":"<VALUE>"}
One time passcode Used to generate a six-digit passcode that can be assigned to a user for identity verification purposes.
  • ID. oneTimePasscodeToken.
  • Default expiry. 600 seconds.