Glossary (sign-in & Accounts)
Plain-language meanings for web sign-in articles. This is help text, not legal advice.
Intastellar Accounts
Meaning: The identity layer visitors use to sign in across Intastellar products with one account.
In practice: Your site or app starts a flow; after success, you hold a session or tokens according to your integration pattern.
Authorization code
Meaning: A short-lived code returned to your redirect URI after the user signs in. You exchange it for tokens (in the browser with PKCE, or on your server with a client secret for confidential clients).
In practice: The code is single-use and expires within minutes; exchange it promptly per the docs, and don't log or store it as if it were a long-term credential.
PKCE (Proof Key for Code Exchange)
Meaning: An OAuth extension for public clients (SPAs, mobile, browser apps). Your app generates a random code_verifier, sends its SHA-256 hash (the code_challenge) with the authorization request, and presents the verifier when exchanging the code. The exchange is thereby bound to the app instance that started the flow, so an intercepted code cannot be redeemed by anyone else and no client secret is needed in the browser.
In practice: Use it for browser-only integrations — see SPAs and JavaScript clients.
Redirect URI (callback URL)
Meaning: The exact URL Intastellar Accounts may send the user back to with the authorization code or error.
In practice: Must match registered values — see Redirect URIs and callbacks.
Public vs confidential client
Meaning: Public — cannot keep a secret safe (typical browser app). Confidential — your server can store a client secret.
In practice: Pick the right type when you register the app; wrong choice causes confusing token errors.
Access token / refresh token
Meaning: Access token — credential used to call APIs (short-lived in many setups). Refresh token — used to obtain new access tokens without forcing login every time (when your flow allows it).
In practice: Storage and rotation rules depend on your architecture — see Sessions, cookies, and tokens.
State
Meaning: A random value you send at the start of the flow and verify on return — protects against CSRF and helps correlate requests.
In practice: Generate per attempt; validate on callback before trusting the code.
Scope
Meaning: The permissions the user is asked to approve (openid, profile, email, product-specific APIs, etc.).
In practice: Request minimum scopes you need; document them for your own support team.
More glossary pages (sign-in)
- Browser, cookies & storage — SameSite, HttpOnly, third-party context, storage partitioning
- Identity, JWT & APIs — OIDC vs OAuth, claims, JWKS, resource servers