We have a partner with which we have an enterprise OpenID Connect connection set up. This works as expected where when the user uses the connection they log in with the credentials set up in that connection and get back an access token with respective permissions that we can validate and utilize.
However, in another situation it is the case that the user is already signed into the mobile app of our partner. So within this context the user has an access token and an ID token issued by the party we have our OpenID Connect connection with. They would now like to use one of our API endpoints from the app, and the question came up if they can get an access token by passing the ID token. Since the ID token proves a successful login, I would think this makes sense to issue an access token. However, I did not find documentation on a process like this.
While I’m not entirely sure what your environment looks like, in general it is not possible to exchange an ID Token for an Access Token. The ID Token represents successful Authentication, but not Authorization. Depending on your particular use case, you may want to explore silent authentication which is a way to essentially re-authorize (/authorize) without prompting the user.
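The silent-authentication round trip suggested in the answer above, as an added example that is not part of the original thread or of any vendor SDK: the client sends a normal OpenID Connect `/authorize` request with `prompt=none`, then handles the redirect, including the standard errors returned when no session exists. The issuer host, client ID, redirect URI and function names are assumptions, and the authorize endpoint is assumed to sit at `/authorize` on the issuer's origin.

```javascript
// Build an authorization-code request that must not show any UI (prompt=none).
// state, nonce and codeChallenge (PKCE, S256) are generated by the caller.
function buildSilentAuthUrl({ issuer, clientId, redirectUri, scope, state, nonce, codeChallenge }) {
  const url = new URL('/authorize', issuer); // assumed endpoint location
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state,
    nonce,
    code_challenge: codeChallenge,
    code_challenge_method: 'S256',
    prompt: 'none', // fail with an error instead of prompting the user
  }).toString();
  return url.toString();
}

// OpenID Connect errors meaning "this cannot be completed without user interaction".
const INTERACTION_ERRORS = new Set([
  'login_required',
  'consent_required',
  'interaction_required',
]);

// Classify the redirect that comes back from the authorization server.
function handleSilentAuthCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // Check state first: a response we did not initiate is never processed.
  if (params.get('state') !== expectedState) {
    return { outcome: 'rejected', reason: 'state_mismatch' };
  }
  const error = params.get('error');
  if (error) {
    return INTERACTION_ERRORS.has(error)
      ? { outcome: 'interactive_login_needed', reason: error }
      : { outcome: 'failed', reason: error };
  }
  const code = params.get('code');
  if (!code) {
    return { outcome: 'failed', reason: 'missing_code' };
  }
  // The code is then redeemed at the token endpoint (with the PKCE verifier)
  // for an access token; the ID token is never sent to the API.
  return { outcome: 'code_received', code };
}
```
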