The reference token data model

Access tokens that use the reference token data model provide a reference to a set of attributes. The resource server must de-reference the access tokens for the corresponding identity and security information at the OAuth authorization server that issued them. OAuth is a standard framework that enables an application (OAuth client) to obtain access tokens from an OAuth authorization server for the purpose of retrieving protected resources on a resource server.

The reference token data model supports both adaptive clustering and directed clustering. For adaptive clustering, PingFederate, as the authorization server, shares token information across a replica set. If region identifiers are defined, PingFederate shares token information across replica sets in multiple regions. You can optionally override this default behavior in the configuration file for adaptive clustering. For directed clustering, PingFederate shares token information among all engine nodes, regardless of any state server or subcluster setup.

The JSON web token data model

JSON Web Token (JWT) bearer access tokens are secure and self-contained tokens. JWT is an IETF standard container format for a JSON object used for the secure exchange of content, such as identity or entitlement information. To read the industry standard, see RFC 7519. Because the tokens are self-contained, the target resource server can validate the access tokens locally or send the access tokens to PingFederate for validation.

This configuration uses either symmetric keys or asymmetric signing-certificate keys for token security. To facilitate rollover of keys when they expire, multiple entries are allowed for either signing mechanism. The JWT token data model is suitable for both standalone and clustered environments.
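The following added example (not PingFederate code) shows local validation at a resource server when the key set holds more than one symmetric entry during rollover. It assumes HS256 signing and a `kid` header that names the signing key; the key IDs, secrets and claims are constructed samples.

```python
import base64, hashlib, hmac, json, time

# Constructed key set: two symmetric entries, so tokens signed with the
# outgoing key (k1) stay valid while the new key (k2) is rolled in.
KEYS = {"k1": b"old-sample-secret-0123456789abcdef",
        "k2": b"new-sample-secret-0123456789abcdef"}

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims, kid, keys=KEYS):
    """Issuer side, present only to build sample tokens for validate()."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = ".".join(
        b64url_encode(json.dumps(part).encode()) for part in (header, claims))
    mac = hmac.new(keys[kid], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def validate(token, keys=KEYS, now=None):
    """Resource-server side: return the claims or raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        alg, kid = header.get("alg"), header.get("kid")
        sig = b64url_decode(s64)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token choose it ("none", RS/HS mix-up).
    if alg != "HS256":
        raise ValueError("unexpected alg")
    # Select the key by kid; a retired or unknown key id is rejected outright.
    if not isinstance(kid, str) or kid not in keys:
        raise ValueError("unknown key id")
    expected = hmac.new(keys[kid], f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    # Parse the claims only after the signature has been verified.
    claims = json.loads(b64url_decode(p64))
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired or missing exp")
    return claims
```

Removing `k1` from the key set once the longest-lived token signed with it has expired completes the rollover; until then both entries must stay configured on the validating side.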