I mean it is usually paired with an id token, an identifier like an email address is provided, or the access token has a sub claim that is tied back to the user.
So it is not pure authorization, but both authentication and authorization.
Pure authorization would be like a car key, with no identity mixed in.
I mean it is usually paired with an id token, an identifier like an email address is provided, or the access token has a sub claim that is tied back to the user.
So it is not pure authorization, but both authentication and authorization.
Pure authorization would be like a car key, with no identity mixed in.