The OpenID Connect Identity Token is versatile, and its use is certainly not limited to just signing in users into apps:

Stateless sessions#

Put into a browser cookie the Identity Token can be used to implement lightweight stateless sessions. This does away with the need to store sessions on the server side (in memory or on disk), which can be quite a burden for apps that must scale well. The session cookie is checked by validating the Identity Token. If the Identity Token has expired the app can simply ask the Identity Provider (IDP) for a new one via a silent prompt=none request.

Passing identity to 3rd parties#

The Identity Token may be passed to other components of the app or to backend services when knowledge of the user’s identity is required, for example to log audit trails.


The Identity Token may be exchanged for an access token at the token endpoint of an OAuth 2.0 Authorization Server (RFC 7523). There are many real world scenarios when an identity document is required to obtain access, for example when you check in at a hotel to get your room key. Token-exchange has uses in distributed and enterprise applications.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-2) was last changed on 12-Feb-2016 14:23 by jim