As AccessToken and RefreshToken extend IDToken, they contain the ID Token claims. If
I've read the spec correctly, those claims should only be in the ID Token. There should
also be a separate UserInfo endpoint which we're missing.
Is there a reason why AccessToken extends IDToken, or can we remove that?