Moving from Access_Token to ID Token, Retaining the current User sesiona

Hi Team,
Currently My project is using access_token for authorization.
If I move to IdToken for authorization, How will i be able to retain Logins of all my Existing Logged In user i.e maintain session for the existing users which are already logged in using access_Tokens?

Hi @manish.kumar18

This depends on how the back-end logic was implemented for your application.

If you are using the JWTs just to validate the user and then create a session, you can leverage profile or email scopes for ID tokens to retrieve the username of the user and then create the session based on it, as the sub claim will contain only the user’s Okta ID.