Glossary

Key terms used throughout the TokenIDP documentation.

| Term | Meaning |
|---|---|
| Application | OAuth/OIDC client registered in TokenIDP |
| Authorization Code | Short-lived code exchanged for tokens |
| CIBA | Client Initiated Backchannel Authentication |
| Claim | Name/value statement about a subject or authorization context |
| Client | Software requesting tokens from TokenIDP |
| Issuer | Canonical URL identifying the TokenIDP instance |
| JWKS | JSON Web Key Set; the public signing keys used by APIs to validate JWTs |
| PKCE | Proof Key for Code Exchange |
| Scope | Delegated permission requested by a client |
| Tenant | Isolation boundary for users, clients, roles, and settings |

Common Pitfalls

- Using client, application, and API resource interchangeably.
- Treating scopes and roles as the same authorization concept.