token | String! | JWT access token (legacy clients keep using this field — kept for backwards compatibility) |
accessToken | String | Same value as token. Provided as an additive alias for clients that align with the OAuth2 pair naming |
refreshToken | String | OAuth2 refresh token. Null when the FF OAuth2 kill-switch is OFF (legacy Lexik path) — clients can still impersonate, refresh just won't extend the session |
expiresIn | Int | Seconds until the access token expires. Null if the upstream issuer didn't expose a precise TTL |
tokenType | String | Always 'Bearer' when set |