# Token Model

## Access token claims

```json
{
  "userId": "uuid",
  "tenantId": "uuid",
  "roles": ["admin"],
  "permissions": ["billing.read", "baas.write"]
}
```

- Access tokens are used by internal services only.
- TTL is short (default 15 minutes).

## Refresh tokens

- Stored hashed in the database.
- Used to issue new access tokens.
- Revoked on logout or compromise.
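
The refresh-token rules above (hashed at rest, exchanged for short-lived access tokens, revocable) can be sketched as follows. This is an added example, not the project's own code. Assumptions: a dict stands in for the database, SHA-256 is the hash, the `exp` claim and all function names are hypothetical.

```python
import hashlib
import secrets
import time

ACCESS_TTL_SECONDS = 15 * 60  # default access token TTL stated on the page

def _digest(raw_token: str) -> str:
    # Refresh tokens here are 256-bit random values, so an unsalted SHA-256
    # digest is sufficient; only this digest is ever persisted.
    return hashlib.sha256(raw_token.encode("ascii")).hexdigest()

def issue_refresh_token(store: dict, user: dict) -> str:
    """Create a refresh token, store only its hash, return the raw value once."""
    raw = secrets.token_urlsafe(32)
    store[_digest(raw)] = {"user": user, "revoked": False}
    return raw

def revoke_refresh_token(store: dict, raw_token: str) -> bool:
    """Mark the token revoked (logout or suspected compromise)."""
    row = store.get(_digest(raw_token))
    if row is None:
        return False
    row["revoked"] = True
    return True

def issue_access_claims(store: dict, raw_token: str, now=None):
    """Exchange a refresh token for access token claims, or None if rejected."""
    row = store.get(_digest(raw_token))
    if row is None or row["revoked"]:
        return None
    now = int(time.time()) if now is None else now
    user = row["user"]
    return {
        "userId": user["userId"],
        "tenantId": user["tenantId"],
        "roles": list(user["roles"]),
        "permissions": list(user["permissions"]),
        "exp": now + ACCESS_TTL_SECONDS,  # assumed expiry claim, not on the page
    }

# Constructed sample user; the UUIDs are placeholders.
SAMPLE_USER = {
    "userId": "00000000-0000-0000-0000-000000000001",
    "tenantId": "00000000-0000-0000-0000-000000000002",
    "roles": ["admin"],
    "permissions": ["billing.read", "baas.write"],
}
```

Because the store is keyed by digest, a database dump exposes no usable refresh tokens, and revocation takes effect on the next exchange attempt.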