[Openid-specs-ab] Are ID Tokens necessary?
jricher at mitre.org
Fri Nov 18 13:48:25 UTC 2011
When reading through recent issues and checking against the specs, I
began to wonder if the id_token is actually necessary. To me, it seems
to be a minor optimization that will in some cases save a round trip. In
all the normal flows, you get an access token and have a pointer to the
User Info Endpoint, which gets you your current-user information.
Arguments about cramming additional parameters into the id token aside,
do we really need the ID Token?
More information about the Openid-specs-ab