They are security tokens that contain information about a user’s identity and authentication status and rely on OpenID Connect (OIDC), a free authentication standard. ID tokens are relevant in single sign-on (SSO) authentication procedures such as OAuth 2.0 and assure that a user’s identity is legitimate throughout the authentication operations.
...
Finally, the web application uses the ID token to obtain information about the user requesting the resource from the resource server.
| Tip |
|---|
An ID token includes user information (such as username and email address) and information about the authentication event (the time, method, and authentication scope). In addition to verifying identity, an ID token can verify a user’s access rights and is used as a bearer token in the authorization header of an HTTP request. |