Regular Web APP (using OIDC)

In this scenario you have a traditional web application which needs to authenticate users using OpenID Connect.

The web application will use the Authorization Code Flow to authenticate the user, and can then subsequently use the id_token which is returned to obtain information about the user.

The application will also typically create a user session which is stored in one or more cookies to keep track of the user which is logged in.

Note: In this scenario an access_token is also returned but it is rarely used since there is no API involved against which the user needs to be authenticated.