OAuth 2 access_token vs OpenId Connect id_token

栀梦 2020-12-05 09:46

Although I have worked with OAuth 2 before, I am a newbie to Open ID Connect.

Reading the tutorials and documentation I have come across both access_token

4 answers
  •  隐瞒了意图╮
    2020-12-05 10:35

    Here is an article that describes why the id_token was introduced and what its initial purpose was: Why we need a id_token in OpenID Connect & Facebook Connect. In short, they tried to standardize the Hybrid Flow that was used by Facebook.

    We considered using the id_token as the access_token. We rejected that option because:

    • Many providers have existing OAuth token formats for their endpoints that would be difficult to change.
    • We don't want long term access tokens being stored in the browser as cookies.
    • There are clearly separate recipients of the two tokens; overloading the semantics of the two tokens would reduce flexibility and increase complexity in the long term.
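
The "separate recipients" point above can be shown as an audience check. This is an added example, not part of the original answer or the linked article. It assumes the access token is a JWT carrying an `aud` claim (OAuth 2 itself leaves the access token format to the provider) and uses a constructed HS256 key so it runs offline; the issuer, client and API names are hypothetical.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"   # constructed; real providers usually sign with RS256/ES256
ISSUER = "https://op.example"   # hypothetical OpenID Provider
CLIENT_ID = "spa-client"        # hypothetical client: the recipient of the id_token
API = "https://api.example"     # hypothetical resource server: the recipient of the access_token

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims):
    """Build a compact HS256 JWT over constructed claims."""
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps(claims).encode())
    mac = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64(mac)}"

def verify(token, expected_aud):
    """Return the claims only if signature, alg, issuer, expiry and audience all match."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(unb64(head)), json.loads(unb64(body))
        mac = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        good_sig = hmac.compare_digest(mac, unb64(sig))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return None
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    exp = claims.get("exp")
    ok = (good_sig and header.get("alg") == "HS256"
          and claims.get("iss") == ISSUER
          and isinstance(exp, (int, float)) and exp > time.time()
          and expected_aud in audiences)
    return claims if ok else None

def client_accepts(token):   # the client only trusts tokens addressed to itself
    return verify(token, CLIENT_ID) is not None

def api_accepts(token):      # the API only trusts tokens addressed to the API
    return verify(token, API) is not None

now = int(time.time())       # both tokens below are constructed sample data
id_token = sign({"iss": ISSUER, "sub": "user-1", "aud": CLIENT_ID, "exp": now + 300})
access_token = sign({"iss": ISSUER, "sub": "user-1", "aud": API, "scope": "read", "exp": now + 300})
```

Both tokens carry a valid signature from the same issuer, so the audience check is what stops an id_token from being accepted as an API credential, and an access token from being treated as proof of login by the client.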
