Ldapwiki: Response

Overview#

Response_type (OAuth Authorization Endpoint Response Types) defined in Section 3.1.1 the Response_type is used in the Authorization Request

The OAuth Client informs the Authorization Server of the desired Grant Type using the following parameter: response_type REQUIRED. The value MUST be one of:

"code" for requesting an Authorization Code Grant as described by Section 4.1.1,
"token" for requesting an Access Token (Implicit Grant) as described by Section 4.2.1,
"none" the Authorization Server SHOULD NOT return an OAuth 2.0 Authorization Code, Access Token, token_type, or Identity Token in a successful response to the grant request. If a redirect_uri is supplied, the User-agent SHOULD be redirected there after granting or denying access.[1]
"id_token" - The intended purpose of the id_token is that it MUST provide an assertion of the identity of the Resource Owner as understood by the Authorization Server. The assertion MUST specify a targeted audience, e.g. the requesting Client. [1]
or a registered extension value as described by Section 8.4.

Extension response types MAY contain a space-delimited (%x20) list of values, where the order of values does not matter (e.g., response type "a b" is the same as "b a"). The meaning of such composite Response_type is defined by their respective specifications.

If an Authorization Request is missing the "response_type" parameter, or if the response_type is not understood, the Authorization Server MUST return an OAuth Error response as described in Section 4.1.2.1.

Definitions of Multiple-Valued Response_type Combinations#

This section defines combinations of the values code, token, and id_token, which are each individually registered Response Types:

code token - When supplied as the value for the Response_type parameter, a successful response MUST include an Access Token, an Access Token token_type, and an Authorization Code. The default Response_mode for this Response Type is the Fragment Response Mode encoding and the query Response Mode encoding MUST NOT be used. Both successful and OAuth Error responses SHOULD be returned using the supplied Response_mode, or if none is supplied, using the default Response_mode.
code id_token - When supplied as the value for the response_type parameter, a successful response MUST include both an:
- Authorization Code
- id_token.
  The default Response Mode for this Response Type is the Fragment Response Mode encoding and the query Response Mode encoding MUST NOT be used. Both successful and OAuth Error responses SHOULD be returned using the supplied Response_mode, or if none is supplied, using the default Response Mode.
id_token token - When supplied as the value for the Response_type parameter, a successful response MUST include an:
- Access Token
- Access Token Type
- id_token.
  The default Response Mode for this Response Type is the Fragment Response Mode encoding and the query encoding MUST NOT be used. Both successful and OAuth Error responses SHOULD be returned using the supplied Response Mode, or if none is supplied, using the default Response Mode.
code id_token token - When supplied as the value for the response_type parameter, a successful response MUST include an
- Authorization Code
- id_token
- Access Token
- Access Token Type.
  The default Response_mode for this Response Type is the Fragment Response Mode encoding and the query encoding MUST NOT be used. Both successful and OAuth Error responses SHOULD be returned using the supplied Response Mode, or if none is supplied, using the default Response Mode.

For all these Response_type, the request MAY include a state parameter, and if so, the Authorization Server MUST echo its value as a response parameter when issuing either a successful response or an error response