Konubinix' opinionated web of thoughts

OpenID Connect : Is It Fine to Use Id_token as Access_token? - Stack Overflow

Fleeting

OpenID Connect : Is it fine to use id_token as access_token? - Stack Overflow

your application needs just to authenticate users and then let them access its backend with all the features they may access, it’s easier to use just an ID token and check access rights based on username or roles.

https://stackoverflow.com/questions/45564948/openid-connect-is-it-fine-to-use-id-token-as-access-token

accept ID tokens from different OAuth2 providers

https://stackoverflow.com/questions/45564948/openid-connect-is-it-fine-to-use-id-token-as-access-token

Access tokens are useful for partial access delegation - when users delegate some of their permissions to another application

https://stackoverflow.com/questions/45564948/openid-connect-is-it-fine-to-use-id-token-as-access-token

For example if I create an application that asks its users for a read-only access to their GMail, the application can get the access without it being allowed to access any other Google resources of the user

https://stackoverflow.com/questions/45564948/openid-connect-is-it-fine-to-use-id-token-as-access-token

So if you want to create your backend API just for its frontend and don’t plan to open it for other applications, it’s easier to use just ID tokens

https://stackoverflow.com/questions/45564948/openid-connect-is-it-fine-to-use-id-token-as-access-token

If you find out that you need access tokens, you can start using them later

https://stackoverflow.com/questions/45564948/openid-connect-is-it-fine-to-use-id-token-as-access-token