OpenID Connect is a simple identity layer on top of OAuth 2.0 protocol. It adds authentication and identity
information to OAuth2.
It allows Clients to verify the identity of the end user based on authentication performed by
an authorization server as well as to obtain basic profile information about the end user.
Id_token contains claims about the authentication of an end user (ex: given_name, family_name)
Id_tokens can be used for signing in an application and getting user related information whereas
access_tokens are for accessing resources.
Userinfo endpoint - can be used to get more information about the user (ex: claims we didn't included in id_token)
In Implicit flow: both id_token and access_token are returned at the same time
OpenID Connect adds identity scopes to OAuth2's resource scopes
ex of a resource scope, 'gallerymanagement'
ex of a identity scope => profile scope
(above can include name, family_name, given_name, profile picture, gender, birthdate etc)
so 'identity scope' is basically a collection of claims