data = {'grant_type': 'authorization_code',
            'code': authorization_code, 'redirect_uri': callback_uri}
    id_token_response = requests.post(
        token_url, data=data, verify=False,
        allow_redirects=False, auth=(client_id, client_secret))

    print('body: ' + id_token_response.text)

    # we can now use the id_token as much as we want to access protected resources.