token

An access token is an opaque string that identifies a user, app, or page and can be used by the app to make graph API calls. Access tokens are obtained via a number of methods.

A token is used to make security decisions and to store information about some system entity. While a token is generally used to represent only security information, it is capable of holding additional free-form data that can be attached while the token is being created. Tokens can be duplicated without special privilege, for example to create a new token with lower levels of access rights to restrict the access of a launched application.

An access token is generated by the logon service when a user logs on to the system and the credentials provided by the user are authenticated against the authentication database. The authentication database contains credential information required to construct the initial token for the logon session, including its user id, primary group id, all other groups it is part of, and other information. The token is attached to the initial process created in the user session and inherited by subsequent processes created by the initial process. The result of this access check evaluation is an indication of whether any access is allowed and, if so, what operations (read, write/modify, etc.) the calling application is allowed to perform.

You can find tokens in CMS platforms, for example Prestashop and Magento login systems or in social services developers apps.