What makes Identity Tokens useful?

PLATFORM: API Key deprecation and the new Reference Tokens

AuthorFullName__c
David Livshin
articleNumber
000005407
ft:sourceType
Salesforce
FirstPublishedDate
2022-09-15T08:12:30Z
lastModifiedDate
2023-03-29
VersionNumber
8
Because Access Tokens can be created with different scopes, with Identity Tokens, this means that you can set the Access Token’s scope property to “applied-permissions/user”.

For example, if you create a token with “scope=applied-permissions/user” and “subject=User1”, you’ve created an Identity token for User1. This means you’ve granted the token User1’s permissions as they are defined in the Platform by JFrog’s roles and permissions function. When a user generates a token via their Profile page in the JFrog Platform WebUI, the generated token is always an Identity Token (scoped to the permissions of the logged-in user).

Because JFrog’s Access tokens are standard JWTs, as such they can be quite long - since they contain the token’s properties (scope, subject and others), as well as additional information used to validate the token.In fact, the sheer length of the token can create compatibility issues with various clients trying to authenticate with the JFrog platform. Moreover, some clients might not even support bearer token authentication (Authorization: Bearer <token>).To mitigate these length limitations, JFrog introduced the Reference Token.