I am confused with access_token and id_token of OIDC, which one should be set to authorization header when making request to a resource owner? Is the id_token only for client to display user information without making request?
Asked
Active
Viewed 55 times
1 Answers
0
I think similar question is answered by ajaybc here - https://stackoverflow.com/a/19443840/4794396.
To say, id_token is required for the authentication of the user. And access_token is mandatory for reaching out to the end-point.
PS: Couldn't leave a comment as I haven't got 50 reputations yet.
AD8
- 2,168
- 2
- 16
- 31