OpenID Connect adds authentication to the OAuth2 protocol. OAuth2 is a protocol used for authorization. But what if I’m only interested in authenticating a user? After reading up on OpenID Connect, it looks like you receive both an ID token and an access token upon success. But what if I don’t care about authorization here? Can I omit the access token from the protocol? Are there better protocols to use if I’m only interested in authentication (e.g. SAML)?