Skip to main content


Casdoor is built on OAuth and utilizes tokens as users' OAuth tokens.

The following are the available token fields in Casdoor:

  • Owner
  • Name
  • CreatedTime
  • Application
  • Organization
  • User
  • Code
  • AccessToken
  • ExpireIn (Tokens will expire in hours)
  • Scope (Scope of authorization)
  • TokenType (e.g., Bearer type)

After logging into the application, there are two options to generate a JWT Token:

  • JWT
  • JWT-Empty

The JWT option will create a token with all fields of the User object, while the JWT-Empty option will create a token with all non-empty values for the user.