Reputation: 1
When we register with Spotify using Google or Facebook, we're using OAuth. But OAuth is used for authorization. When used, it generates access tokens for a specified API or resource. But when we use OAuth, it sends our profile pic and username too. Does it mean it's using ID tokens (OpenID Connect) as well for generating profile information?
And when logging in via Facebook, why do we require access tokens when we are using them for authentication? Instead we require ID tokens. Am I correct?
Upvotes: 0
Views: 57
Reputation: 117281
OpenID Connect is authentication and uses an ID token, and the ID token basically says yes, there is a user behind this machine who has logged in and granted access.
OAuth2 is just for authorization, to authorize an application to access data on behalf of a user. An access token is granted to the application, authorizing it to access the data on behalf of the user for a certain amount of time. There is no guarantee when using an access token that the user themselves is actually there accessing the data.
Upvotes: 1