I am trying to understand OIDC and i dont see the purpose of the ID token if with just the access token, i can make a request to the userinfo endpoint and get the user info. What then is the purpose of the ID token?
In addition, what links an access token to a specific ID token? Are they linked at all?
As far as I understood it, the id_token is just a standardized way to signal the client application that the user has been authenticated. It might also save you some round-trip depending on the additional info that is contained in the id_token.
Just in case you haven't seen it yet. There is a great explainer video called OAuth 2.0 and OpenID Connect in Plain English that I found very helpful.
