# Common Questions
- Common Questions
- How to get UserPool Id and UserPool Secret?
- What does UserPool Secret do?
- What is the difference between UserPool ID, UserPool Secret and OAuth, OIDC App ID and App Secret?
- What is JWT Token?
- How to verify the legality of JWT Token?
- How to verify the validity of the id_token in the OIDC process?
- What is the difference between the two tokens in the OIDC process?
- How to use the mini program to scan code authentication?
- How to access social login
- How to access single sign-on?
- How to configure user permissions?
- What standard protocols does Authing support?
- What authentication methods does Authing support?
# How to get UserPool Id and UserPool Secret?
Click Basic Configuration -> Basic Settings, and find the "User Pool ID" and "Key" are "UserPoolId" and "UserPool Secret", as shown in the following figure:
UserPool Id / UserPool Secret
# What does UserPool Secret do?
# What is the difference between UserPool ID, UserPool Secret and OAuth, OIDC App ID and App Secret?
- UserPool ID and UserPool Secret are the information of the user pool created by the Authing developer. Through the UserPool ID and UserPool Secret, the Authing developer has all the access permissions of the user pool;
- The App ID and App Secret of the OAuth/OIDC application are the information of the OAuth or OIDC application, used to authorize other applications to access the user pool, and can also be used to [verify the legality of the JWT token](../advanced/verify-jwt -token.md).
# What is JWT Token?
Understand the definition and use of JWT Token# How to verify the legality of JWT Token?
Verify Token# How to verify the validity of the id_token in the OIDC process?
Please refer to: Use the key of OIDC application to verify the validity of the token.
# What is the difference between the two tokens in the OIDC process?
The OIDC process contains two tokens:
- access_token is used to obtain user data;
- id_token contains the basic information of the user;
Both can be verified using the secret of the OIDC application. For the verification process, please refer to: Use the key of the OIDC application to verify the validity of the token.
The method of obtaining the secret used by the Token in the verification OIDC process is shown in the following figure:
# How to use the mini program to scan code authentication?
Mini Program Scan Code Login# How to access social login
Web Social Connections# How to access single sign-on?
Implement Single Sign-On# How to configure user permissions?
Configure user permissions# What standard protocols does Authing support?
The industry standard protocols used by Authing include:
- OAuth 2.0: An authorization standard that allows users to grant limited access to their resources on one site to other sites without obtaining their credentials (usually account passwords). For example, you will use this standard when you click "Log in with WeChat" on your phone, and the system will ask you whether you agree to share your avatar, nickname and other data with the application.
- Open ID Connect: This is a superset of OAuth 2.0. It provides more user information and access permissions and standards on top of OAuth 2.0. For example, he defines the user's avatar as
picture. - JSON Web Tokens: An open standard, mainly used to transmit information securely. Its format is very compact and independent. After parsing, it is a JSON format.
- Security Assertion Markup Language (SAML): An XML-based open data format, SAML allows enterprise applications to seamlessly connect with internal and external programs.
- LDAP: LDAP is a lightweight directory access protocol. The full English name is Lightweight Directory Access Protocol, which is generally referred to as LDAP. You can understand it as a tree-shaped database used to store user and organization information, often used for single sign-on (SSO) and corporate employee information management.