F.4.2 Authentication by Using the Implicit Flow

In this authentication process, the authorization endpoint returns all tokens. It returns the Access token and the ID token directly to the client application, which may reveal the tokens to the user and to applications that have access to the User Agent.

Process Flow:

  1. The client application generates an authentication request containing the desired request parameters and sends the request to the authorization server.

  2. The authorization server authenticates the user.

  3. The authorization server obtains the user consent.

  4. The authorization server sends the user to the client application with an ID token and, if requested, an Access token.

  5. The client application validates the ID token and retrieves the user's Subject Identifier.
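Step 5 as an added example (not code from this documentation or its product): the client parses the redirect fragment from step 4, runs the implicit-flow checks from OpenID Connect Core (state, signature, iss, aud, exp, nonce, at_hash), and returns the Subject Identifier. The CFG values, URLs and function names are constructed, and HS256 with a constructed key stands in for verifying the signature against the authorization server's published keys.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlencode, urlsplit

CFG = {"issuer": "https://as.example", "client_id": "app-1", "state": "st-7f3a",
       "nonce": "n-0S6_WzA2Mj", "key": b"constructed-demo-key"}  # constructed values

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def at_hash(access_token):
    # Left half of SHA-256 over the token, base64url: binds it to the ID token.
    return b64url(hashlib.sha256(access_token.encode()).digest()[:16])

def validate_implicit_response(redirect_url, cfg, now=None):
    """Return the Subject Identifier, or raise ValueError on any failed check."""
    now = time.time() if now is None else now
    params = {k: v[0] for k, v in parse_qs(urlsplit(redirect_url).fragment).items()}
    if params.get("state") != cfg["state"]:  # ties the response to our request
        raise ValueError("state mismatch")
    try:
        h64, p64, s64 = params["id_token"].split(".")
        header, claims = json.loads(b64url_decode(h64)), json.loads(b64url_decode(p64))
        sig, alg, sub = b64url_decode(s64), header["alg"], claims["sub"]
    except (KeyError, TypeError, ValueError):
        raise ValueError("missing or malformed id_token") from None
    if alg != "HS256":  # pin the expected algorithm, never follow the header
        raise ValueError("unexpected alg")
    mac = hmac.new(cfg["key"], f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, sig):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if claims.get("iss") != cfg["issuer"]:
        raise ValueError("wrong issuer")
    if cfg["client_id"] not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    if claims.get("nonce") != cfg["nonce"]:  # replay protection
        raise ValueError("nonce mismatch")
    if "access_token" in params and claims.get("at_hash") != at_hash(params["access_token"]):
        raise ValueError("access token not bound to ID token")
    return sub

def sample_redirect(cfg, claims, access_token="SlAV32hkKG"):  # constructed step-4 response
    seg = [b64url(json.dumps(x).encode()) for x in ({"alg": "HS256"}, claims)]
    seg.append(b64url(hmac.new(cfg["key"], ".".join(seg).encode(), hashlib.sha256).digest()))
    return "https://client.example/cb#" + urlencode(
        {"id_token": ".".join(seg), "access_token": access_token, "state": cfg["state"]})
```

Because the tokens arrive in the URL fragment, the at_hash check is what detects an Access token that was swapped in the User Agent after the ID token was issued.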