The authentication and authorization system includes an application execution unit, a user information storage unit, a token acquisition unit configured to acquire, using the user information acquired from the user information storage unit, an access token from an authorization server that authorizes the application to use the external service when a valid access token is presented via the cooperation unit, and a token storage unit configured to store the acquired access token. The token acquisition unit acquires the access token from the authorization server at a predetermined cycle, and stores it in the token storage unit. When the application uses the external service, the application execution unit requests a cooperation unit to make the application cooperate with the external service using the access token acquired from the token storage unit.