As you mentioned these 2 points as problems with using access tokens for authentication:
1. Someone could have stolen the access token from a different user
2. The access token could have been obtained from another client (not HireMe123) and injected into HireMe123
How are they being solved in OpenID Connect?
Even in OpenID Connect, what if I stole a JWT token and presented it to the authorization server? It will still work, right? It is the same for point 2 as well, right?
If a token is stolen it can be used by someone else. Just like if a cookie is stolen it too can be used by someone else. It is up to the developer to make sure their application is secure against attacks.
OIDC addresses this by using something called a nonce, which is explained in the section on authentication claims. A nonce provides a way for a client to know that the token it receives is the one being returned from the exact authorization request that was issued.
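The nonce check described in the reply above, together with the `aud` (audience) check that OpenID Connect Core requires a client to perform on an ID token, as an added example that is not part of the original thread or the article's code. It assumes the ID token's signature and issuer were already verified by a JWT library; the names `CLIENT_ID`, `begin_login`, `check_id_token_claims`, and the session key are hypothetical.

```python
import hmac
import secrets
import time

CLIENT_ID = "hireme123-client"  # constructed client_id for this example


class TokenRejected(Exception):
    """Raised when an ID token does not belong to this client or this login."""


def begin_login(session: dict) -> dict:
    """Build authorization request parameters and remember the nonce server-side."""
    nonce = secrets.token_urlsafe(32)
    session["oidc_nonce"] = nonce
    return {"response_type": "code", "client_id": CLIENT_ID,
            "scope": "openid", "nonce": nonce}


def check_id_token_claims(claims: dict, session: dict, now=None) -> str:
    """Validate claims of an ID token whose signature was already verified."""
    now = time.time() if now is None else now
    # Single use: pop the nonce so a replayed token cannot match a second time.
    expected = session.pop("oidc_nonce", None)
    if expected is None:
        raise TokenRejected("no login in progress for this session")
    # A token issued to another client names that client in aud, not us.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in audiences:
        raise TokenRejected("token was issued to a different client")
    # A token from a different authorization request carries a different nonce.
    nonce = claims.get("nonce")
    if not isinstance(nonce, str) or not hmac.compare_digest(
            nonce.encode(), expected.encode()):
        raise TokenRejected("nonce does not match this authorization request")
    if claims.get("exp", 0) <= now:
        raise TokenRejected("token expired")
    return claims["sub"]
```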