The ID token is always a JWT when doing OIDC, and it makes sense in this situation.
Because the ID token is not a set of credentials, but signed information you’d use to create/update a user’s profile.
You can technically use JWTs as access tokens, as the spec doesn’t specify a format for access tokens, but in my experience they’re normally opaque bearer tokens.
I had a family friend who recently passed from colon cancer.
It was particularly brutal because it never showed up in any regular screenings, due to the tumor growing on the outside of their colon. It took ~2-3 weeks just to figure out what it was, but they only knew something was wrong because of some blood tests that came back with unusual results.
It was only 90 days from when they got the call about the unusual results till their death.
Kinda interesting to hear about. I have a 500 chassis I’m slowly working on filling. I’m between the RND 535 or 543, and had never heard of a diode bridge comp before looking at the 535.
Because the ID token is not a set of credentials, but signed information you’d use to create/update a user’s profile.
You can technically use JWTs as access tokens, as the spec doesn’t specify a format for access tokens, but in my experience they’re normally opaque bearer tokens.