All tokens in the Curity Security Token Server are issued using token procedures. These are executed after validation has been performed and are responsible for both issuing the tokens, and assembling the data that should be used as response to the client.
This gives the administrator enormous flexibility in what tokens can be issued and which data should be added to these.
Fig. 151 Processing of token request