An access token contains the security credentials for a login session and identifies the user, the user’s groups, the user’s privileges, and, in some cases, a particular application. Typically one may be asked to enter the access token (e.g. string 16 random characters consists of 0-9 and a-f) rather than the usual password. Token always has an expiry date/time.