Terminology

OAuth token
A string that allows the app to access Yandex services on behalf of a specific user. In the context of protocol usage, OAuth token can be shortened to token.

Each OAuth token contains:

  • ID of the account that can be accessed.

  • ID of the application with access rights.

  • Set of rights (actions available to the application).

Thus, the token shows what this application can do on behalf of a particular account.

OAuth app
Program, mobile app, or web service registered in Yandex OAuth.
Rights
An action or set of actions on behalf of the user that are available over the OAuth protocol.

Yandex OAuth always specifies in its tokens the rights chosen by the developer when registering or setting up the app. For the same OAuth app, you can't get two working tokens with different rights at the same time.

Refresh token
An additional string issued with an OAuth token. The refresh token is used to update an OAuth token that is about to expire.
Previous
OAuth implementation at Yandex
Next
JSON Web Token