Can anyone tell me how to get the info out of the IIQ Access Token?
The token I get back isn't a JWT but looks like a B64-encoded string. When I decode it I get another string that is kind of a JWT, but not really, and I can't seem to parse it or get any further.
It should follow all the specs defined for a Client Credentials OAuth 2.0 Authorization flow as documented by IETF RFC 6749, with a resulting time-limited Bearer token as defined in IETF RFC 6750.
The tokens themselves are basically just randomly-generated strings that don’t mean anything inherently client-side - they’re used by the authorization server itself internally for request validation. While it’s certainly in-spec to use a JWT for issuing a Bearer token (or authorization token in general - which I believe is what the OIDC spec attempts to standardize on), it’s not defined or required by the core OAuth 2.0 spec.
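As an added example (not part of the original posts and not IIQ's own code): a Python check that treats a bearer token as a JWT only when it has the three-segment JWS compact structure, and otherwise takes the usable metadata from the token response fields defined in RFC 6749 section 5.1. The function names and the sample responses are constructed for illustration.

```python
import base64
import json
import re

_B64URL = re.compile(r"^[A-Za-z0-9_-]+$")


def _json_segment(segment):
    """Decode one base64url segment to a JSON object, or None if it is not one."""
    if not _B64URL.match(segment):
        return None
    try:
        raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
        value = json.loads(raw.decode("utf-8"))
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from it
        return None
    return value if isinstance(value, dict) else None


def describe_token(token_response):
    """Summarise an RFC 6749 section 5.1 token response without assuming a JWT."""
    token = token_response["access_token"]
    info = {"kind": "opaque", "claims": None,
            "expires_in": token_response.get("expires_in"),
            "scope": token_response.get("scope")}
    parts = token.split(".")
    if len(parts) == 3:
        header, claims = _json_segment(parts[0]), _json_segment(parts[1])
        if header is not None and "alg" in header and claims is not None:
            # Unverified claims: for display only, never for access decisions.
            info.update(kind="jwt", claims=claims)
    return info


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample responses (not real IIQ output).
JWT_RESPONSE = {
    "access_token": ".".join([_b64url({"alg": "HS256", "typ": "JWT"}),
                              _b64url({"sub": "svc-client", "exp": 1700003600}),
                              "c2lnbmF0dXJl"]),
    "token_type": "bearer", "expires_in": 3600}
OPAQUE_RESPONSE = {
    "access_token": base64.b64encode(b"9f3ac1.1700000000.7b22d4").decode(),
    "token_type": "bearer", "expires_in": 1200}

if __name__ == "__main__":
    for response in (JWT_RESPONSE, OPAQUE_RESPONSE):
        print(describe_token(response))
```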