[keycloak-dev] Why is the access_token a JWT?

Marc Boorshtein marc.boorshtein at tremolosecurity.com
Mon Sep 12 11:06:37 EDT 2016

I'm looking at the OpenID Connect specs and what I don't understand is
why is the access_token returned to my client a JWT?  Shouldn't it be
just a code?  I'm sending a cope of "code" but there's nothing I can
see that says the access_token should be a JWT other then thats what
everyone seems to do.


Marc Boorshtein
CTO Tremolo Security
marc.boorshtein at tremolosecurity.com
Twitter - @mlbiam / @tremolosecurity

More information about the keycloak-dev mailing list