An access token is a credential that grants access to specific resources. OAuth 2.0 uses bearer tokens: whoever holds the token can use it. JWTs are a common token format.
Access tokens are short-lived. Refresh tokens are long-lived and used to obtain new access tokens. Never log access tokens — treat them like passwords.
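
One way to enforce the no-logging rule above, as an added example that is not part of the original page: a Python `logging` filter that scrubs bearer tokens, JWT-shaped strings and `access_token`/`refresh_token` parameters before a handler writes the record. The patterns, the `redact` helper and the `TokenRedactingFilter` name are assumptions made for this illustration.

```python
import logging
import re

# "Bearer <token>" as seen in Authorization headers (RFC 6750 token charset).
# Errs toward over-redaction: any word following "bearer" is scrubbed.
BEARER_RE = re.compile(r"\b(bearer)\s+[A-Za-z0-9\-._~+/]+=*", re.IGNORECASE)
# Compact JWT: three base64url segments, the first starting with "eyJ"
# (the base64url encoding of '{"').
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")
# access_token / refresh_token in query strings, form bodies or JSON.
PARAM_RE = re.compile(
    r"((?:access|refresh)_token[\"']?\s*[=:]\s*[\"']?)[^\s&\"',}]+",
    re.IGNORECASE,
)


def redact(text: str) -> str:
    """Replace token material in text with a fixed marker."""
    text = BEARER_RE.sub(r"\1 [REDACTED]", text)
    text = PARAM_RE.sub(r"\1[REDACTED]", text)
    return JWT_RE.sub("[REDACTED]", text)


class TokenRedactingFilter(logging.Filter):
    """Scrub the fully formatted message before a handler emits it.

    Tracebacks attached via exc_info are not covered by this filter.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        # getMessage() merges args into msg, so tokens passed as
        # %-style arguments are scrubbed as well.
        record.msg = redact(record.getMessage())
        record.args = None
        return True


if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(TokenRedactingFilter())
    log = logging.getLogger("demo")
    log.addHandler(handler)
    # Constructed sample value, not a real credential.
    log.warning("callback: /cb?access_token=%s&state=xyz", "abc123")
```

Attach the filter to each handler rather than to a logger, since logger-level filters are skipped for records that propagate up from child loggers.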