openid-connect

OpenID Connect is an extra layer on top of OAuth, so we can say it has the same flows that OAuth has with few more scopes to extend it. So, when we talk about the access token, the protocol says it must not used by the client to read and get access for its information. Clients only need to forward it. On the other hand, clients maybe need to get user information, therefore, OpenID Connect provides the identity token in which only the clients will use it....