Token collection is a native
collection of token documents. Tokens work with roles to grant identity-based
access to a database. Documents in this collection have an immutable,
Fauna-defined structure. An identity may have multiple tokens that can
access multiple devices simultaneously.
There are two ways to create a token. When an identity is successfully
Credential.login() the method returns a
Token and the
Token.create() method. Use the
create() method when identity-based access is
required, but authentication is unnecessary or handled outside of Fauna.
By itself, a token does not authorize any resource privileges to its
corresponding identity. After
Credential.login() creates a token, it is
used to connect to Fauna and make queries on behalf of the identity. The
Credential specify a
Role document configures the
membership and the
privileges authorized to the identity. See the
Role collection for more information on
configuring resource authorization.
secret field is returned at token creation. This is a password-equivalent
field. The caller must retrieve and store the
secret at creation as the field
isn’t accessible later. Fauna cannot recover a
secret that is discarded or
lost. So, secure secrets with the same care and attention as any password.
At creation time, a caller can set a time-to-live (
ttl) value, the
valid duration of the token. If
ttl isn’t set, its default value is
which causes the document to persist indefinitely or until deleted.
|See the Token document definition|
Is this article helpful?
Tell Fauna how the article can be improved:
Thank you for your feedback!