Always ensure that your app securely transmits and stores bearer tokens.
For more security considerations for bearer tokens, see RFC 6750 Section 5.
API provides functions for storing and requesting shared password-based credentials.
Users often save their username and password in their iCloud keychain when logging into websites in Safari.
Because the JWTs issued by the v2.0 endpoint are signed but not encrypted, you can easily inspect the contents of a JWT for debugging purposes. For more information about JWTs, see the JWT specification.

An ID token is a form of sign-in security token that your app receives when it performs authentication by using OpenID Connect. Also, new claims can be introduced into ID tokens at any time. Your app should not break when new claims are introduced. The following list includes the claims that your app currently can reliably interpret. You can find more details in the OpenID Connect specification.

If a bearer token is transmitted without this type of security, a malicious party could use a "man-in-the-middle attack" to acquire the token and use it for unauthorized access to a protected resource. The same security principles apply when storing or caching bearer tokens for later use.

ID tokens are represented as JWTs, and they contain claims that you can use to sign the user in to your app. You can use the claims in an ID token in various ways.
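The following is an added example, not code from the original page or from the v2.0 endpoint documentation. It shows what "signed but not encrypted" means in practice: the header and payload decode without any key, and claims the app does not recognize are set aside rather than rejected. The claim names in `KNOWN_CLAIMS` are standard OpenID Connect claims chosen as an assumption (the page's own claim list is not reproduced here), and the token is constructed with placeholder values and a dummy signature.

```python
import base64
import json

# Claims this sketch knows how to interpret (assumed set, standard OpenID Connect names).
KNOWN_CLAIMS = ("iss", "sub", "aud", "exp", "iat")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def inspect_jwt(token: str) -> dict:
    """Decode header and payload for debugging. Does NOT verify the signature,
    so the result must never drive an authentication decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments (signed JWT)")
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("segment is not base64url-encoded JSON") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("header and payload must be JSON objects")
    known = {k: payload[k] for k in KNOWN_CLAIMS if k in payload}
    # Claims added later land here instead of breaking the parser.
    unrecognized = sorted(set(payload) - set(KNOWN_CLAIMS))
    return {"header": header, "known": known, "unrecognized": unrecognized}


def make_sample_token() -> str:
    # Constructed sample: placeholder values and a dummy signature, not a real token.
    header = {"typ": "JWT", "alg": "RS256"}
    payload = {"iss": "https://issuer.example", "sub": "user-123", "aud": "client-abc",
               "exp": 1700003600, "iat": 1700000000, "future_claim": "ignored"}
    segs = [_b64url_encode(json.dumps(p).encode()) for p in (header, payload)]
    return ".".join(segs + [_b64url_encode(b"dummy-signature")])


if __name__ == "__main__":
    print(json.dumps(inspect_jwt(make_sample_token()), indent=2))
```

Because anyone holding the token can read these claims the same way, the decoded output belongs in debugging only; signing a user in requires validating the signature and claims first.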