35. Access Token + ID Token
• Participants: End User, Relying Party, OpenID Provider
• Sequence: Initiate → Request Authorization → Authenticate & Authorize → Authorization Grant → Authorization Grant → Access Token + ID Token
36. ID Token
• JWT token representing logged-in session
• Claims:
  • iss – Issuer
  • sub – Identifier for user
  • aud – Audience for ID Token
  • iat, exp – issued at & expiry
37. JSON Web Token
• JSON + Signature (+ Encryption)
• XML Signature for JSON