[Openid-specs-ab] Are ID Tokens necessary?

Justin Richer jricher at mitre.org
Fri Nov 18 13:48:25 UTC 2011


When reading through recent issues and checking against the specs, I
began to wonder if the id_token is actually necessary. To me, it seems
to be a minor optimization that will in some cases save a round trip. In
all the normal flows, you get an access token and have a pointer to the
User Info Endpoint, which gets you your current-user information. 

Arguments about cramming additional parameters into the id token aside,
do we really need the ID Token?

 -- Justin



More information about the Openid-specs-ab mailing list