openid / connect / issues / #1028 - example response for Hybrid flow is lacking token_type — Bitbucket

Issue #1028 closed

Hans Zandbelt created an issue 2018-06-08

The non-normative example of a successful authentication response for the hybrid flow in section 3.3.2.5 http://openid.net/specs/openid-connect-core-1_0.html#HybridAuthResponse is lacking the required token_type parameter. The fact that this parameter is required follows out of the text before but should be added in the example as not to confuse implementers. See also: https://github.com/openid-certification/oidctest/issues/104

Comments (7)

Hans Zandbelt reporter
- edited description
- 2018-06-08T07:11:58+00:00
Brian Campbell
Pretty sure the example is okay. token_type is only returned alongside the access_token parameter. The example only has the id_token and code. That implies that the response_type value used in the request was code id_token, which is not a case where access_token and token_type are in the response from the authorization endpoint.
- 2018-06-08T15:54:31+00:00
Brian Campbell
p.s. it's nice to see you back in action @zandbelt!
- 2018-06-08T15:56:17+00:00
Hans Zandbelt reporter
Right.... I think my brain is not quite OK . yet... I'll check the implementation on our side. Thanks :-)
- 2018-06-08T16:25:59+00:00
Hans Zandbelt reporter
- changed status to invalid
- 2018-06-08T16:26:20+00:00
Brian Campbell
pps https://github.com/openid-certification/oidctest/issues/104 looks to be about Implicit (id_token+token), which should return a token_type so the test would appear to be ok.
- 2018-06-08T16:35:24+00:00
Michael Jones
- changed status to closed
Closing on the basis of Hans and Brian agreeing that it is invalid.
- 2018-06-11T23:23:35+00:00
Log in to comment

Assignee: –

Type: bug

Priority: minor

Status: closed

Component: Core

Milestone: Errata

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!