0
votes

I am confused with access_token and id_token of OIDC, which one should be set to authorization header when making request to a resource owner? Is the id_token only for client to display user information without making request?

1

1 Answers

0
votes

I think similar question is answered by ajaybc here - https://stackoverflow.com/a/19443840/4794396.

To say, id_token is required for the authentication of the user. And access_token is mandatory for reaching out to the end-point.

PS: Couldn't leave a comment as I haven't got 50 reputations yet.