0
votes

I am implementing OpenID Connect for Google and Microsoft. OpenID provides the id_token, which also contains the user info. I am still confused. How do I use the id_token? In OAuth2 we are storing the access_token in our DB, so we use the access_token to get the user profile. If I am getting the profile, it means the user is authenticated and the user will log in to the app. So in the id_token case, should I validate the token? If the token is validated then the user will log in. I am really confused. Please help me out. Please provide the flow of authentication.

2 Answers

1
votes

Read this: http://www.thread-safe.com/2012/02/why-we-need-idtoken-in-openid-connect.html

TL;DR: the id_token removes the need for that extra round trip you need to make to get userinfo. Instead OIDC presents you with both an id_token, which contains all the info you need about your current user, and an access_token.

0
votes

Id token is not required for authentication. It is only useful in public clients to get some user attributes, a.k.a. claims.