The OpenID Connect spec doesn't specify the required format for access tokens. Some OpenID providers like Keycloak and Okta use JWTs for access tokens. Open Liberty uses opaque access tokens by default but can be configured to use JWTs. Google uses opaque access tokens. 

The current OIDC implementation assumes JWTs for access tokens. We need to update this to handle opaque access tokens as well.