The Token collection is a native collection of token documents. Tokens work with roles to grant identity-based access to a database. Documents in this collection have an immutable, Fauna-defined structure. An identity may have multiple tokens that can access multiple devices simultaneously.

There are two ways to create a token. When an identity is successfully authenticated by Credential.login() the method returns a Token and the Token.create() method. Use the create() method when identity-based access is required, but authentication is unnecessary or handled outside of Fauna.

By itself, a token does not authorize any resource privileges to its corresponding identity. After Credential.login() creates a token, it is used to connect to Fauna and make queries on behalf of the identity. The identity Credential specify a Role. The Role document configures the membership and the privileges authorized to the identity. See the Role collection for more information on configuring resource authorization.

A secret field is returned at token creation. This is a password-equivalent field. The caller must retrieve and store the secret at creation as the field isn’t accessible later. Fauna cannot recover a secret that is discarded or lost. So, secure secrets with the same care and attention as any password.

At creation time, a caller can set a time-to-live (ttl) value, the valid duration of the token. If ttl isn’t set, its default value is null, which causes the document to persist indefinitely or until deleted.

See the Token document definition

Static methods

Method Description

Get the set of all Token objects.

Get a Token by Document.

Get a Token by ID.

Create a Token.

Get the first token matching a predicate function.

Get tokens matching a predicate function.

Instance methods

Method Description

Delete a Token.

Verify a Token.

Replace a Token.

Update a Token.

Is this article helpful? 

Tell Fauna how the article can be improved:
Visit Fauna's forums or email

Thank you for your feedback!