OAuth 2.0 (a.k.a. RFC 6749) has an extension point for defining additional response_type
values beyond the code
and token
values defined within the specification. The OAuth 2.0 Multiple Response Type Encoding Practices specification uses this extension point to define the additional response_type
values id_token
and none
, as well as values for the combinations of code
, token
, and id_token
. These response_type
values are used by OpenID Connect, as well as other systems using OAuth 2.0.
I’m writing this now because I just updated the Multiple Response Types spec to add an IANA Considerations section to make IANA’s job easier when registering these additional response_type
values. No normative changes were made.
The specification is available at:
Leave a Reply
You must be logged in to post a comment.