diff --git a/docs/schemes/oauth2.md b/docs/schemes/oauth2.md
index d175057c3..f2c197cf5 100644
--- a/docs/schemes/oauth2.md
+++ b/docs/schemes/oauth2.md
@@ -18,6 +18,7 @@ auth: {
       token_type: 'Bearer',
       redirect_uri: undefined,
       client_id: 'SET_ME',
+      token_key:  'access_token'
     }
   }
 }
@@ -55,6 +56,10 @@ Should be same as login page or relative path to welcome screen. ([example](http
 
 **REQUIRED** - oauth2 client id.
 
+### `token_key`
+
+By default is set to `token_key: 'access_token'`. If you need to use the IdToken instead of the AccessToken, set this option to `token_key: 'id_token'`.
+
 ## Usage
 
 ```js
diff --git a/lib/schemes/oauth2.js b/lib/schemes/oauth2.js
index 6250c91a6..48db472f7 100644
--- a/lib/schemes/oauth2.js
+++ b/lib/schemes/oauth2.js
@@ -88,8 +88,8 @@ export default class Oauth2Scheme {
     const search = parseQuery(window.location.search.substr(1))
     const parsedQuery = Object.assign({}, search, hash)
 
-    // accessToken
-    let accessToken = parsedQuery.access_token
+    // accessToken/idToken
+    let token = parsedQuery[this.options.token_key || 'access_token']
 
     // -- Authorization Code Grant --
     if (this.options.response_type === 'code' && parsedQuery.code) {
@@ -102,11 +102,11 @@ export default class Oauth2Scheme {
       })
 
       if (data.access_token) {
-        accessToken = data.access_token
+        token = data.access_token
       }
     }
 
-    if (!accessToken || !accessToken.length) {
+    if (!token || !token.length) {
       return
     }
 
@@ -119,11 +119,11 @@ export default class Oauth2Scheme {
 
     // Append token_type
     if (this.options.token_type) {
-      accessToken = this.options.token_type + ' ' + accessToken
+      token = this.options.token_type + ' ' + token
     }
 
     // Store token
-    this.$auth.setToken(this.name, accessToken)
+    this.$auth.setToken(this.name, token)
 
     // Redirect to home
     this.$auth.redirect('home', true)