[keycloak-dev] Why is the access_token a JWT?

Marc Boorshtein marc.boorshtein at tremolosecurity.com
Mon Sep 12 11:06:37 EDT 2016


I'm looking at the OpenID Connect specs and what I don't understand is
why is the access_token returned to my client a JWT?  Shouldn't it be
just a code?  I'm sending a scope of "code" but there's nothing I can
see that says the access_token should be a JWT other than that's what
everyone seems to do.

Thanks


Marc Boorshtein
CTO Tremolo Security
marc.boorshtein at tremolosecurity.com
Twitter - @mlbiam / @tremolosecurity

