This feature lets the client use the OpenID Connect 1.0 flow when it is configured to do so.
Most commonly, if your scope contains “openid”, you are going to use the OpenID Connect flow.
With OpenID Connect, the provider returns an ID Token along with the Access Token from the Token Endpoint.
This ID Token is a JWT that contains information about the user. We verify the JWT signature and several other parameters before we extract the information from the ID Token. This is equivalent to querying the User Info Endpoint: we do not need to query the User Info Endpoint, because all the required user information is in the ID Token.
To use this flow, simply select the “Custom OpenID Connect App” when adding the application:
If you are using one of the applications from the default list, we have already configured it for you. You can directly proceed with the further configuration.
Since the ID Token is a JWT, JWT support must be configured for this flow. Please refer to the JWT Support section for information about configuring it.