OpenID Connect is built on top of OAuth2.
- An `access_token` is useful to call certain APIs in Auth0 (e.g. `/userinfo`) or an API you define in Auth0.
- An `id_token` is a JWT and represents the logged in user. It is often used by your app.
- A `refresh_token` (only to be used by a mobile/desktop app) doesn’t expire (but is revokable) and it allows you to obtain freshly minted `access_tokens` and `id_token`.