I am confused with access_token and id_token of OIDC, which one should be set to authorization header when making request to a resource owner? Is the id_token only for client to display user information without making request?
0
votes
1 Answers
0
votes
I think similar question is answered by ajaybc here - https://stackoverflow.com/a/19443840/4794396.
To say, id_token is required for the authentication of the user. And access_token is mandatory for reaching out to the end-point.
PS: Couldn't leave a comment as I haven't got 50 reputations yet.