The OIDC and OAuth 2.0 are standards for authentication that allow a user to access protected resources through the means of an access token. This token represents a string that denotes a specific scope, lifetime and other access attributes. On a basic authorization code grant flow, this token is normally stored by the client. When a query to a protected endpoint is made this token is traded between the resource server and the client itself to verify its validity.