Terms

OAuth token

A string that allows accessing a Yandex service on behalf of a particular user. In the context of the protocol, “OAuth token” can be shortened to “token”.

Every OAuth token always contains:

  • The ID of the account that can be accessed.

  • The ID of the application that was granted access.

  • A set of permissions (actions allowed for the application).

In this way, the token shows what the application can do on behalf of a specific account.

OAuth application

A program, mobile app, or web service that is registered on Yandex.OAuth.

In the Yandex.OAuth documentation, OAuth applications are referred to as just “applications”. Other types of applications are identified explicitly.

Permissions

An action or set of actions that an application can perform on behalf of the user through the OAuth protocol.

Yandex.OAuth tokens always indicate the permissions selected by the developer when registering or setting up the application. The same OAuth application can't simultaneously have two active tokens with differing permissions.

Refresh token

An extra string that is issued along with the OAuth token. The refresh token is used for renewing an OAuth token that is about to expire.