diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
index 0949ac95d..580a55a36 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@@ -24,6 +24,7 @@ import java.util.Map;
 import java.util.Set;
 import javax.persistence.Basic;
+import javax.persistence.CascadeType;
 import javax.persistence.CollectionTable;
 import javax.persistence.Column;
 import javax.persistence.ElementCollection;
@@ -36,6 +37,7 @@ import javax.persistence.JoinColumn;
 import javax.persistence.ManyToOne;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
+import javax.persistence.OneToOne;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
@@ -72,7 +74,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 private Jwt jwtValue; // JWT-encoded access token value
- private IdToken idToken; // JWT-encoded OpenID Connect IdToken
+ private OAuth2AccessTokenEntity idToken; // JWT-encoded OpenID Connect IdToken
 private Date expiration;
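Review bot: The trailing comment on the retyped field still reads `// JWT-encoded OpenID Connect IdToken`, but the field is now an `OAuth2AccessTokenEntity` rather than the JWT itself, so the comment no longer describes what is stored. I'd change the line to `private OAuth2AccessTokenEntity idToken; // OpenID Connect ID token, persisted as its own token entity (the JWT lives in that entity's jwt value)`. The class body continues outside this hunk.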
@@ -225,43 +227,33 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 }
 /**
- * This is transient b/c the IdToken is not serializable. Instead,
- * the toString of the IdToken is persisted in idTokenString
 * @return the idToken
 */
- @Transient
- public IdToken getIdToken() {
+ @OneToOne(cascade=CascadeType.ALL) // one-to-one mapping for now
+ @JoinColumn(name = "id_token_id")
+ public OAuth2AccessTokenEntity getIdToken() {
 return idToken;
 }
 /**
 * @param idToken the idToken to set
 */
- public void setIdToken(IdToken idToken) {
+ public void setIdToken(OAuth2AccessTokenEntity idToken) {
 this.idToken = idToken;
 }
 /**
 * @return the idTokenString
 */
- @Basic
- @Column(name="id_token_string")
+ @Transient
 public String getIdTokenString() {
 if (idToken != null) {
- return idToken.toString();
+ return idToken.getValue(); // get the JWT string value of the id token entity
 } else {
 return null;
 }
 }
- /**
- * @param idTokenString the idTokenString to set
- * @throws IllegalArgumentException if "value" is not a properly formatted JWT string
- */
- public void setIdTokenString(String idTokenString) {
- this.idToken = IdToken.parse(idTokenString);
- }
-
 /**
 * @return the jwtValue
 */
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
index 9d1b3997d..a171a8001 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
@@ -87,6 +87,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 String userId = authentication.getName();
+ OAuth2AccessTokenEntity idTokenEntity = new OAuth2AccessTokenEntity();
 IdToken idToken = new IdToken();
 IdTokenClaims claims = new IdTokenClaims();
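Review bot: `getIdToken()` loses its explanatory Javadoc when the `@Transient` note is removed, and the new `@OneToOne(cascade=CascadeType.ALL)` mapping has consequences a maintainer needs spelled out: the ID token is now a second row of the same entity type in the same table, and persisting or removing the access token cascades to it. I'd replace the `// one-to-one mapping for now` trailing comment with Javadoc on the getter saying that the ID token is stored as a separate OAuth2AccessTokenEntity joined via `id_token_id`, that CascadeType.ALL propagates persist/remove from this token to it, and that this row must never be handed out or accepted as a bearer access token. `getIdTokenString()` now relies on `getValue()` of the linked entity returning the serialized JWT, which is not visible in this hunk; worth confirming it cannot return null for an entity whose JWT was never signed. The hunk begins mid-class, so the neighbouring accessors are outside the view.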
@@ -98,6 +99,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 if (client.getIdTokenValiditySeconds() != null) {
 Date expiration = new Date(System.currentTimeMillis() + (client.getIdTokenValiditySeconds() * 1000L));
 claims.setExpiration(expiration);
+ idTokenEntity.setExpiration(expiration);
 }
 claims.setIssuer(configBean.getIssuer());
@@ -119,7 +121,13 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 logger.warn("Couldn't sign id token", e);
 }
- token.setIdToken(idToken);
+
+ idTokenEntity.setJwt(idToken);
+
+ idTokenEntity.setAuthenticationHolder(token.getAuthenticationHolder());
+ idTokenEntity.setScope(token.getScope());
+
+ token.setIdToken(idTokenEntity);
 }
 return token;
diff --git a/openid-connect-server/src/main/resources/db/tables/database_tables.sql b/openid-connect-server/src/main/resources/db/tables/database_tables.sql
index 390095e90..9beb38af1 100644
--- a/openid-connect-server/src/main/resources/db/tables/database_tables.sql
+++ b/openid-connect-server/src/main/resources/db/tables/database_tables.sql
@@ -10,7 +10,7 @@ CREATE TABLE IF NOT EXISTS access_token (
 refresh_token_id BIGINT,
 client_id VARCHAR(256),
 auth_holder_id BIGINT,
- id_token_string VARCHAR(4096)
+ id_token_id BIGINT
 );
 CREATE TABLE IF NOT EXISTS address (
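Review bot: `idTokenEntity.setExpiration(expiration)` only runs inside the `if (client.getIdTokenValiditySeconds() != null)` branch, so for a client with no ID-token validity configured the persisted entity is saved with a null expiration and, as far as this hunk shows, is never expired or swept. OpenID Connect requires `exp` on every ID token anyway, so I'd fall back to a default validity instead of skipping both the claim and the entity expiration: `long validity = client.getIdTokenValiditySeconds() != null ? client.getIdTokenValiditySeconds() : DEFAULT_ID_TOKEN_VALIDITY_SECONDS;` and drop the `if`. Whether such a default already exists in this class is not visible from the hunk. The enclosing method starts and ends outside the hunk.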
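Review bot: The ID token is persisted as an `OAuth2AccessTokenEntity` that carries the access token's `AuthenticationHolder` and its full scope set (`idTokenEntity.setScope(token.getScope())`), so if the token store resolves bearer tokens by JWT value from this entity type — which the shared table suggests but this hunk does not show — a client could present the ID token it legitimately receives as an access token with the same scopes. ID tokens are audience-restricted to the client and must not be accepted at resource endpoints, so the entity should not be given a usable scope; I'd write `idTokenEntity.setScope(new HashSet<String>());` here and make sure the access-token lookup path rejects rows that are referenced as `id_token_id`. Separately, `idTokenEntity.setJwt(idToken)` executes even when signing threw and was only logged by `logger.warn("Couldn't sign id token", e)` on the line above, so an unsigned ID token can be persisted and returned; guarding the persist on a successful signature would close that. The enclosing method continues outside the hunk.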
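Review bot: The new `id_token_id BIGINT` column carries no constraint tying it to `access_token.id`, so the one-to-one relationship declared on the entity is enforced only by JPA and nothing at the database level prevents a dangling reference if the ID-token row is removed. The other reference columns in this table (`refresh_token_id`, `auth_holder_id`) are also unconstrained in the hunk, so that may be deliberate, but a `UNIQUE` on the new column would at least match the `@OneToOne` semantics on databases that allow multiple NULLs: `id_token_id BIGINT UNIQUE`. Existing deployments also lose `id_token_string` without a visible migration; whether one lives elsewhere I cannot tell from this diff.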