OpenID Connect: Is It Fine to Use Id_token as Access_token? - Stack Overflow
- External reference: https://stackoverflow.com/questions/45564948/openid-connect-is-it-fine-to-use-id-token-as-access-token
your application needs just to authenticate users and then let them access its backend with all the features they may access, it’s easier to use just an ID token and check access rights based on username or roles.
accept ID tokens from different OAuth2 providers
Access tokens are useful for partial access delegation - when users delegate some of their permissions to another application.
For example, if I create an application that asks its users for read-only access to their Gmail, the application can get the access without it being allowed to access any other Google resources of the user.
So if you want to create your backend API just for its frontend and don’t plan to open it for other applications, it’s easier to use just ID tokens.
If you find out that you need access tokens, you can start using them later.
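An added example, not part of the quoted answer: the claim checks a backend needs when it accepts ID tokens from several providers as its API credential and authorizes by role. It assumes the token's signature has already been verified with a JOSE library against the provider's JWKS; the issuer URLs, client IDs and the `roles` claim name are constructed placeholders.

```python
import time

# Assumption: issuer -> client_id registered for *this* application's frontend.
# Issuers and client IDs are constructed placeholders.
TRUSTED = {
    "https://idp-a.example": "frontend-client-a",
    "https://idp-b.example": "frontend-client-b",
}

class TokenRejected(Exception):
    pass

def principal_from_id_token(claims, now=None, leeway=60):
    """Return (issuer, subject, roles) from already signature-verified claims."""
    now = time.time() if now is None else now
    iss = claims.get("iss")
    client_id = TRUSTED.get(iss)
    if client_id is None:
        raise TokenRejected("untrusted issuer")
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    # Without this check, an ID token issued to any other application
    # registered at the same provider would be accepted by this backend.
    if client_id not in audiences:
        raise TokenRejected("token was issued to a different client")
    # OIDC Core 3.1.3.7: with several audiences, azp must name our client.
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise TokenRejected("azp does not match our client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise TokenRejected("expired or missing exp")
    sub = claims.get("sub")
    if not sub:
        raise TokenRejected("missing sub")
    roles = claims.get("roles", [])  # assumed custom claim name
    return iss, sub, frozenset(roles if isinstance(roles, list) else [])

def authorize(claims, required_role, now=None):
    """Return the (iss, sub) user key if the token is valid and has the role."""
    iss, sub, roles = principal_from_id_token(claims, now)
    if required_role not in roles:
        raise TokenRejected("missing role")
    # Key users on (iss, sub): sub is only unique within one issuer.
    return (iss, sub)
```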