> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn how the OIDC-conformant pipeline affects the tokens used to secure APIs, including scopes and claims.

# Access Tokens with OIDC

Because applications and APIs (resources) are defined as separate Auth0 entities with the OIDC-conformant pipeline, you can get <Tooltip tip="Access Token: Authorization credential, in the form of an opaque string or JWT, used to access an API." cta="View Glossary" href="/docs/glossary?term=access+tokens">access tokens</Tooltip> for your APIs. Consequently, all APIs should be secured with access tokens instead of <Tooltip tip="Access Token: Authorization credential, in the form of an opaque string or JWT, used to access an API." cta="View Glossary" href="/docs/glossary?term=ID+tokens">ID tokens</Tooltip>. To learn more, read [Access Tokens](/docs/secure/tokens/access-tokens) and [ID Tokens](/docs/secure/tokens/id-tokens).

## Claims

The OIDC-conformant pipeline standardizes claims that you can add to ID and access tokens.

### Standard claims

The OIDC specification defines a [](https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) set of standard claims about users, such as profile and email, that can be returned in ID tokens or in the response from the `/userinfo` endpoint.

To learn about the OIDC standard claim specification, read [Section 5.1 Standard Claims](https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) in the [OpenID Specification](https://openid.net).

### Custom claims

With the OIDC-conformant pipeline, custom claims may still be added to ID tokens or access tokens, but they must conform to a namespaced format to avoid possible collisions with standard OIDC claims.

To learn how to add a custom claim in the OIDC-conformant pipeline, read [Create Namespaced Custom Claims](/docs/secure/tokens/json-web-tokens/create-custom-claims).

## Scopes

In the OIDC-conformant pipeline, you can configure your applications in Auth0 to use scopes to request that:

* Standard OIDC claims, such as `profile` and `email`, be included in the ID token (if the user consents to provide this information to the application).
* Permissions supported by the API they want to access be included in the access token. For example, you can define your custom API's <Tooltip tip="Audience: Unique identifier of the audience for an issued token. Named aud in a token, its value contains the ID of either an application (Client ID) for an ID Token or an API (API Identifier) for an Access Token." cta="View Glossary" href="/docs/glossary?term=audience">audience</Tooltip> and required scopes, which will allow you to segregate access to different operations within your API.

To learn more, read [OpenID Connect Scopes](/docs/get-started/apis/scopes/openid-connect-scopes).

## Learn more

* [External APIs with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-apis)
* [Authorization Code Flow with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-auth-code-flow)
* [Client Credentials Flow with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-client-credentials-flow)
* [Delegation with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-delegation)
* [Implicit Flow with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-implicit-flow)
* [Refresh Tokens with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-refresh-tokens)