Klarna Docs - Sign in with Klarna tokens

Sign in with Klarna tokens

In the context of authorization and authentication, a token either represents the integrator's (merchant's) entitlement to access a specific resource or carries claims about how the user was authenticated.

There are three types of tokens in OIDC: id_token, access_token and refresh_token.

An id_token is a JWT, per the OIDC Specification.

This means that:

  • identity information about the user is encoded directly into the token, and
  • the token's signature can be verified to prove that it hasn't been tampered with.

Access tokens are used as bearer tokens. A bearer token means that whoever holds it can access the authorized resources without further identification. Because of this, it's important that bearer tokens are protected.
These tokens are only valid for 5 minutes, which limits the damage a leaked token can do. When the access token expires, the merchant needs to request another one using the refresh token (explained below).

Klarna's access tokens are also JWTs, which again means:

  • the token's signature can be verified to prove that it hasn't been tampered with.

The access token can be passed to Klarna Payments in order to skip a second authentication step for the user.

Refresh tokens are used to obtain new access tokens. These tokens are long-lived (90 days by default), which allows for long-lived sessions that can still be invalidated if necessary. The 90 days are rolling: every time the consumer logs in, a new refresh token valid for 90 days is issued.
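As an added example (not Klarna's code), the following stdlib-only Python shows the checks a merchant backend should apply to an id_token or access token before trusting it (signature, pinned algorithm, issuer, audience, expiry) and how to decide when the 5-minute access token must be replaced via the refresh token. It assumes a constructed HMAC key and placeholder issuer and audience values; real tokens are signed by the issuer, so in production the signature is checked against the issuer's published keys with a JWT library rather than a shared secret.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values; not Klarna's real issuer, client id or signing key.
DEMO_KEY = b"constructed-demo-secret"
DEMO_ISSUER = "https://issuer.example"   # placeholder issuer URL
DEMO_AUDIENCE = "merchant-client-id"     # placeholder merchant client id


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Build a demo JWT (header.payload.signature) so the verifier has input."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes = DEMO_KEY, issuer: str = DEMO_ISSUER,
               audience: str = DEMO_AUDIENCE, now=None) -> dict:
    """Return the claims only if alg, signature, iss, aud and exp all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the token's own choice
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("expired")
    return claims


def needs_refresh(access_token: str, now: int, skew: int = 30) -> bool:
    """True when the 5-minute access token is expired or within `skew` seconds of
    expiry, i.e. the refresh token should be used. A tampered token still raises."""
    try:
        claims = verify_jwt(access_token, now=now)
    except ValueError as err:
        if str(err) == "expired":
            return True
        raise
    return int(claims["exp"]) - now <= skew
```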