In my Api’s the functions in the api are working based on roles, so in this case can I just use the id token to return the role and that’s it? Because all of my api’s can be accessed by all users, what’s returned/processed is based on the role.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Id Token vs Access Token | 3 | 5824 | February 11, 2022 | |
| Clarification on token usage | 5 | 12092 | March 2, 2018 | |
| API permissions depending on user | 2 | 3663 | February 10, 2021 | |
| id_token as autorization bearer rather than access_token | 2 | 7037 | March 2, 2018 | |
| Using access token for Authorization | 3 | 4067 | February 18, 2019 |