Skip to main content


Casdoor is built on OAuth and utilizes tokens as users' OAuth tokens.

The following are the available token fields in Casdoor:

  • Owner
  • Name
  • CreatedTime
  • Application
  • Organization
  • User
  • Code
  • AccessToken
  • ExpireIn (Tokens will expire in hours)
  • Scope (Scope of authorization)
  • TokenType (e.g., Bearer type)

After logging into the application, there are three options to generate a JWT Token:

  • JWT
  • JWT-Empty
  • JWT-Custom

The options are as follows: JWT will generate a token containing all User fields, JWT-Empty will generate a token with all non-empty values for the user, and JWT-Custom will generate a token containing custom User Token fields (you can choose attributes in the Token fields).