Token & Session
Overview
This section covers how Keymate manages access tokens and sessions in multi-tenant environments. It explains the claim model that encodes organizational context into tokens, the exchange mechanism that enables department switching without re-authentication, the hierarchical session model that coordinates session state across systems, and the structured logout model that provides targeted session termination at multiple scopes.
When to Read This Section
Read this section when you need to understand how tokens carry organizational context, how users switch between department assignments at runtime, how sessions relate to each other across systems, or how logout operations propagate through the platform.
Who Should Start Here
- Backend developers integrating token validation and introspection into downstream services
- Architects designing session strategies for multi-tenant, multi-department applications
- Security engineers auditing token lifecycle, session termination, and logout coverage
Key Topics
- Token Claims & Context: How access tokens encode identity, organizational context, roles, and custom attributes
- Token Exchange Model: Department context switching through token replacement with revocation of the previous token
- Session Governance: Hierarchical session model, external session mapping, and event-driven session termination
- Logout Model: Multi-scope logout with asynchronous execution, status tracking, and bulk operations
Representative Journeys
- I need to understand what claims downstream services receive -> Token Claims & Context
- I need to understand how department switching works at the token level -> Token Exchange Model
- I need to understand how sessions cascade across systems -> Session Governance
- I need to understand logout scope options for security operations -> Logout Model
Recommended Reading Order
- Token Claims & Context — understand what tokens contain
- Token Exchange Model — understand how context switching produces new tokens
- Session Governance — understand session hierarchy and lifecycle
- Logout Model — understand targeted session termination
Related Sections
- Organization Model — tenant and department hierarchy that tokens reference
- Authorization — policy evaluation that consumes token claims
- Identity — user identity model that underpins token subjects
- Authentication — authentication flows that produce initial tokens