OIDC (OpenID Connect) JSON/JWT on top of OAuth 2.0 Default for new web, mobile, SPA, and API auth ID token = identity; access token = API authorization