It is important to understand that Corbado does neither operate as an OAuth2 server nor does it strictly follow the OAuth2 protocol. OAuth2 primarily focuses on authorizing third-party access to resources. In contrast, Corbado offers a simpler yet highly secure authentication solution.

However, if you are familiar with OAuth2, you will find some similarities. The session-token serves a similar purpose as the access-token in OAuth2. The refresh-token serves the same purpose as in OAuth2: to refresh the session-token (access-token).

Was this page helpful?

RevocationDevelopment mode