Id token - APP Registration - SSO

ALVES Ricardo 106 Reputation points
2023-03-30T10:56:29.3666667+00:00

Hello Guys

I have one question. I noticed that when I create an App Registration to authenticate users (Single Sign-On):

Some apps have the ID Token checked and others do not.

So, why do some apps require the ID Token and others not?

Thank you so much

Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Shweta Mathur 27,936 Reputation points Microsoft Employee
    2023-03-31T07:48:19.9466667+00:00

    Hi @ALVES Ricardo ,

    Thanks for reaching out.

    First, we need to understand the difference between an ID token and an access token, and then why some applications require ID tokens.

    An ID token is a JSON Web Token (JWT) that contains claims about the identity of the authenticated user, such as their name, email address, and other profile information. It's typically used by the client application to verify the identity of the user and to obtain additional information about the user.

    On the other hand, an access token is a security token issued by an authorization server as part of an OAuth 2.0 flow. It contains information about the user and the resource for which the token is intended. The information can be used to access web APIs and other protected resources. Access tokens are validated by resources to grant access to a client app.

    Applications that work without third-party cookies, such as single-page applications (SPAs), applications using the OpenID Connect protocol to authenticate the user, and applications using server-side authentication, which can also work without third-party applications, can request an ID token directly by passing id_token in the request (selecting ID token in the portal) as part of the hybrid flow.

    Reference: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.
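
The request described in the answer, as an added example that is not part of the original post or Microsoft's own code: it builds a hybrid-flow authorization request that asks for an ID token, then checks the claims that tell an ID token (addressed to the client app) apart from an access token (addressed to a resource). The tenant, client ID, redirect URI, helper names and sample tokens are constructed placeholders, and signature validation against the tenant's signing keys is assumed to have happened before the claim checks.

```python
import base64, json, secrets, time
from urllib.parse import urlencode

# Placeholder values, assumed for illustration only.
TENANT = "contoso.onmicrosoft.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example/signin-oidc"

def build_hybrid_authorize_url(state, nonce):
    """Authorization request asking for a code and an ID token together."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code id_token",  # requires "ID tokens" enabled on the app registration
        "redirect_uri": REDIRECT_URI,
        "response_mode": "form_post",      # token arrives in a POST body, not the URL
        "scope": "openid profile",
        "state": state,
        "nonce": nonce,                    # echoed back inside the ID token
    }
    base = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize"
    return base + "?" + urlencode(params)

def decode_claims(jwt):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_id_token_claims(claims, expected_nonce, now=None):
    """Return the names of claims that fail; run only after signature validation."""
    now = time.time() if now is None else now
    failed = []
    if claims.get("aud") != CLIENT_ID:     # an ID token is addressed to the client app
        failed.append("aud")
    if not secrets.compare_digest(str(claims.get("nonce", "")), expected_nonce):
        failed.append("nonce")             # missing or mismatched nonce: not our request
    if claims.get("exp", 0) <= now:
        failed.append("exp")
    return failed

def make_sample_token(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"

if __name__ == "__main__":
    nonce = secrets.token_urlsafe(16)
    print(build_hybrid_authorize_url(secrets.token_urlsafe(16), nonce))
    id_tok = make_sample_token({"aud": CLIENT_ID, "nonce": nonce, "exp": time.time() + 300})
    print(check_id_token_claims(decode_claims(id_tok), nonce))
```

A token whose `aud` names an API rather than the client, and which carries no matching `nonce`, fails both checks, which is why an access token should not be accepted as proof of sign-in by the client.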

