In computing, a personal access token (or PAT) is a string of characters that can be used to authenticate a user when accessing a computer system instead of the usual password. Though associated with a single account, multiple PATs may be created, and can be manipulated independently of the password associated with that account, including creation and revocation of PATs without altering the password. The PAT is usually generated automatically by the remote system, for example, as a string of 52 alphanumeric characters. Typically, permissions may also be adjusted for each PAT individually, allowing or restricting access to certain classes of data or functions on the remote system. These permissions can usually be adjusted only after authenticating with the password. This can be a useful form of delegation of authorization, for example, when creating programs that will access the remote system. The PAT will typically be stored in a location accessible to the program, and is therefore not typically as secure as a password. If the program or PAT is compromised, the damage will be limited by the permissions available to that PAT, and the PAT itself can easily be revoked to prevent further exploitation. If the token is a JWT token it can use the claim to declare an expiration time and the claim to declare a unique identifier for the JWT which can be used to revoke it.
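The lifecycle described above (automatic generation, per-token permissions, revocation independent of the password), as an added example rather than code from any particular service. The `TokenStore` class, the scope names, the expiry field and the choice to keep only a SHA-256 digest of each token are assumptions made for illustration.

```python
import hashlib
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits
TOKEN_LEN = 52  # the length the text gives as an example


class TokenStore:
    """Hypothetical server-side PAT registry (illustrative, not a real API)."""

    def __init__(self):
        # digest -> record; the plaintext token is never stored (assumption)
        self._records = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account, scopes, ttl_seconds, now=None):
        """Create a PAT for an account; the plaintext is returned only once."""
        now = time.time() if now is None else now
        token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
        self._records[self._digest(token)] = {
            "account": account,
            "scopes": frozenset(scopes),
            "expires": now + ttl_seconds,
            "revoked": False,
        }
        return token

    def revoke(self, token):
        """Revoke one PAT; other PATs and the account password are untouched."""
        rec = self._records.get(self._digest(token))
        if rec is None:
            return False
        rec["revoked"] = True
        return True

    def authorize(self, token, scope, now=None):
        """Return the account if the PAT is live and carries the scope."""
        now = time.time() if now is None else now
        rec = self._records.get(self._digest(token))
        if rec is None or rec["revoked"] or now >= rec["expires"]:
            return None
        return rec["account"] if scope in rec["scopes"] else None
```

Because each token has its own record, a leaked read-only token can be revoked without disturbing a second token issued to the same account.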

