Isn't an access token used to authorize the UserInfo endpoint of Azure AD B2C?
opqrshun
95
Reputation points
Hello,
I thought an access token is required to authorize the Userinfo endpoint, but is it an ID token instead of an access token?
When I tried it, authorization failed with the access token, but authorized with the ID token.
In the "Test the policy" chapter it states:
Copy the id_token in its encoded format from the https://jwt.ms website.
But the HTTP request written just below it is shown as an access token
Authorization: Bearer <your access token>
For my use case, I have an OIDC client with a fixed OIDC flow. For example, OIDC authentication for AWS ALB.
Thank you.