Closed: acoburn closed this issue 3 years ago
The discussion on this issue is ongoing in the Authentication Panel.
@acoburn please re-open if the latest draft doesn't address this issue: https://github.com/solid/authentication-panel/blob/master/oidc-authentication.md
In a typical interaction with an OIDC provider, both an access token and an ID token are presented to a client. It is typical for clients to then use the access token in subsequent interactions with resource servers (in this case, a Pod), but the current WebID-OIDC protocol describes using the ID token in the way one might ordinarily use an access token.
It would be helpful to clarify the semantics of these tokens w/r/t the token that is presented to a resource server and whether it would be better to use access tokens instead of ID tokens in this context.