Hi @User . Our session management is slightly different compared to auth0's: - We do not issue open ID tokens after login as we do not have features like SSO. A successful login simply yields a session using httpOnly cookies. - This session is governed via an access token (which is a JWT) and a refresh token (which is not a JWT). The access token is not an open ID token and should not be treated as such. - We also abstract away the managing of sessions completely so that you do not have to worry about things like verifying the access token yourself.