This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] (OAuth Authorization Endpoint Response Types) are defined in [Section 3.1.1|RFC 6749] and are used in the [Authorization Request].
The [OAuth Client] informs the [Authorization Server] of the desired [Grant Type] using the following parameter:
[response_type] REQUIRED. The value MUST be one of:
* "[code|Authorization Code]" for requesting an [Authorization Code Grant] as described by [Section 4.1.1|RFC 6749],
* "[token]" for requesting an [Access Token] ([Implicit Grant]) as described by [Section 4.2.1|RFC 6749],
* "none" - The [Authorization Server] [SHOULD NOT] return an [OAuth 2.0] [Authorization Code], [Access Token], [token_type], or [Identity Token] in a successful response to the grant request. If a [redirect_uri] is supplied, the [User-agent] [SHOULD] be redirected there after granting or denying access. [1]
* "[id_token|Identity Token]" - The intended purpose of the [id_token|Identity Token] is that it __[MUST]__ provide an assertion of the identity of the [Resource Owner] as understood by the [Authorization Server]. The assertion [MUST] specify a targeted [audience|aud], e.g. the requesting Client. [1]
* or a registered extension value as described by [Section 8.4|RFC 6749].
Extension response types [MAY] contain a space-delimited (%x20) list of values, where the order of values does not matter (e.g., response type "a b" is the same as "b a"). The meaning of such composite [{$pagename}] is defined by their respective specifications.
If an [Authorization Request] is missing the "[response_type]" parameter, or if the [response_type] is not understood, the [Authorization Server] [MUST] return an [OAuth Error] response as described in [Section 4.1.2.1|RFC 6749].
!! Definitions of Multiple-Valued [{$pagename}] Combinations
This section defines combinations of the values code, token, and id_token, which are each individually registered Response Types:
* [code|Authorization Code] [token|access_token] - When supplied as the value for the [{$pagename}] parameter, a successful response [MUST] include an [Access Token], an [Access Token] [token_type], and an [Authorization Code]. The default [Response_mode] for this Response Type is the [Fragment Response Mode] encoding and the [query Response Mode] encoding [MUST NOT] be used. Both successful and [OAuth Error] responses [SHOULD] be returned using the supplied [Response_mode], or if none is supplied, using the default [Response_mode].
* [code|Authorization Code] [id_token] - When supplied as the value for the response_type parameter, a successful response [MUST] include both:
** [Authorization Code]
** [id_token]. \\The default Response Mode for this Response Type is the [Fragment Response Mode] encoding and the [query Response Mode] encoding [MUST NOT] be used. Both successful and [OAuth Error] responses [SHOULD] be returned using the supplied [Response_mode], or if none is supplied, using the default Response Mode.
* [id_token] [token|access_token] - When supplied as the value for the [{$pagename}] parameter, a successful response [MUST] include:
** [Access Token]
** [Access Token Type]
** [id_token]. \\ The default Response Mode for this Response Type is the [Fragment Response Mode] encoding and the query encoding [MUST NOT] be used. Both successful and [OAuth Error] responses [SHOULD] be returned using the supplied Response Mode, or if none is supplied, using the default Response Mode.
* [code|Authorization Code] [id_token] [token|access_token] - When supplied as the value for the response_type [parameter], a successful response [MUST] include:
** [Authorization Code]
** [id_token]
** [Access Token]
** [Access Token Type]. \\The __default__ [Response_mode] for this Response Type is the [Fragment Response Mode] encoding and the query encoding [MUST NOT] be used. Both successful and [OAuth Error] responses [SHOULD] be returned using the supplied Response Mode, or if none is supplied, using the default Response Mode.
For all these [{$pagename}], the request [MAY] include a state parameter, and if so, the [Authorization Server] [MUST] echo its value as a response parameter when issuing either a successful response or an error response.
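The parsing rules for [response_type] (space-delimited, order-insensitive, error on a missing or unknown value) and the rules for the multiple-valued combinations (fragment default, query forbidden, state echoed) can be checked on the [Authorization Server] as in the following added example. It is not code from RFC 6749 or from the specification in [#1]. Assumptions: the function and class names are hypothetical, duplicate values are rejected as a strict policy choice, invalid_request is this example's choice for a forbidden or unknown response_mode, and the query default for code and none comes from those specifications rather than from this page.

```python
# Added example: names are hypothetical, not from RFC 6749 or any library.
SINGLE = {"code", "token", "id_token", "none"}
COMBOS = {frozenset(c.split()) for c in (
    "code token", "code id_token", "id_token token", "code id_token token")}
SUPPORTED = {frozenset([v]) for v in SINGLE} | COMBOS


class AuthorizationError(Exception):
    """Carries the OAuth error code plus the state value to echo back."""
    def __init__(self, error, state=None):
        super().__init__(error)
        self.error, self.state = error, state


def resolve_response_type(params):
    """Return (order-insensitive response_type set, response_mode) or raise."""
    state = params.get("state")
    raw = params.get("response_type")
    if not raw:
        # Missing required parameter.
        raise AuthorizationError("invalid_request", state)
    values = raw.split(" ")               # %x20-delimited list
    requested = frozenset(values)         # "a b" is the same as "b a"
    # Empty items (double spaces), duplicates (strict choice of this
    # example) and unknown combinations are all "not understood".
    if len(values) != len(requested) or requested not in SUPPORTED:
        raise AuthorizationError("unsupported_response_type", state)
    # Any type that returns a token from the authorization endpoint
    # defaults to fragment encoding and must never use query encoding.
    returns_token = bool(requested & {"token", "id_token"})
    mode = params.get("response_mode", "fragment" if returns_token else "query")
    if mode not in ("query", "fragment"):  # other modes are out of scope here
        raise AuthorizationError("invalid_request", state)
    if returns_token and mode == "query":
        raise AuthorizationError("invalid_request", state)
    return requested, mode


def error_params(exc):
    """Error response parameters; state is echoed when the client sent one."""
    out = {"error": exc.error}
    if exc.state is not None:
        out["state"] = exc.state
    return out
```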
!! [OAuth Authorization Endpoint Response Types Registry]
[{$pagename}] values should be in the [OAuth Authorization Endpoint Response Types Registry].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [OAuth 2.0 Multiple Response Type Encoding Practices|http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html|target='_blank'] - based on information obtained 2015-08-02