I’m not sure I get it right.
I have a web application. What token should be used as a bearer token when I’m calling backend from the webbrowser? Front and Backend are in the same domain. And if the answer is access token how should I retrieve claims or other things (like permissions/roles?) stored in id token that may be needed to grant an access to endpoint resources?