OAuth 2.0 (a.k.a. RFC 6749) has an extension point for defining additional
response_type values beyond the
token values defined within the specification. The OAuth 2.0 Multiple Response Type Encoding Practices specification uses this extension point to define the additional
none, as well as values for the combinations of
response_type values are used by OpenID Connect, as well as other systems using OAuth 2.0.
I’m writing this now because I just updated the Multiple Response Types spec to add an IANA Considerations section to make IANA’s job easier when registering these additional
response_type values. No normative changes were made.
The specification is available at: