Glossary: ID Token

An ID token is a security credential in OIDC (OpenID Connect, an authentication protocol built on OAuth 2) that acts as proof that the end user has been authenticated. It is issued to an application by the authorization server as the end result of successful authentication (logging in).

Tokens typically contain claims, which are information about the token and the end user. In an ID token, claims contain information about:

  • The token itself, such as the URL for the authorization server that issued the token, the client ID of the token’s audience (the application for which the token is to be used), the date and time when the token expires, etc.
  • Information about the end user, typically concerning their profile and identity, such as names, email address, URL for their profile photo, etc.

In OIDC, authorization and authentication are often performed in the same workflow. When an application requests authorization from an authorization server for the first time in a session, the end user logs in and, if authenticated, the authorization server provides the application with both an ID token and an access token.
