Mobile applications implemented these days for a single native platform such as iOS or Android, or multiple platforms with frameworks like Xamarin, React Native or Flutter, all share the same minimum authentication requirements, which include authenticating users, and also passing authentication data in the form of tokens to external web APIs.

In OAuth 2.0, these requirements are addressed with ID tokens, refresh tokens, and access tokens. The purpose of each token will be discussed in the following sections.

OAuth 2.0 Tokens