OpenID Connect

oidc auth oauth2 openid

Token Types

An ID Token contains claims about the identity of the authenticated user, such as their name, email and phone number. In the OIDC specification, the ID Token must be a JSON Web Token (JWT).

An Access Token is used to grant access to an authorized resource and contains scopes and groups.

A Refresh Token contains information to obtain a new ID Token or Access Token.

Flows

The following links have articles that do a good job of explaining things:

In general, it's advised that all applications use the authorization code flow with PKCE.

Authorization Code Flow

Implicit Flow

Hybrid Flow

Recommended Flows