- edited description
example response for Hybrid flow is lacking token_type
The non-normative example of a successful authentication response for the hybrid flow in section 3.3.2.5 http://openid.net/specs/openid-connect-core-1_0.html#HybridAuthResponse is lacking the required token_type parameter. The fact that this parameter is required follows from the text before it, but it should be added to the example so as not to confuse implementers. See also: https://github.com/openid-certification/oidctest/issues/104
Comments (7)
-
reporter -
Pretty sure the example is okay. token_type is only returned alongside the access_token parameter. The example only has the id_token and code. That implies that the response_type value used in the request was code id_token, which is not a case where access_token and token_type are in the response from the authorization endpoint.
-
p.s. it's nice to see you back in action @zandbelt!
-
reporter Right.... I think my brain is not quite OK yet... I'll check the implementation on our side. Thanks :-)
-
reporter - changed status to invalid
-
pps https://github.com/openid-certification/oidctest/issues/104 looks to be about Implicit (id_token+token), which should return a token_type so the test would appear to be ok.
-
- changed status to closed
Closing on the basis of Hans and Brian agreeing that it is invalid.
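
The rule the thread settles on (token_type accompanies access_token, and neither appears for response_type code id_token) can be written as a client-side check on the fragment-encoded authorization response. This is an added example, not part of the issue thread or the specification; the function name, the "unexpected" check and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Parameters each response_type component requires in the authorization response.
REQUIRED_BY_COMPONENT = {
    "code": {"code"},
    "id_token": {"id_token"},
    "token": {"access_token", "token_type"},  # token_type travels with access_token
}
ALL_KNOWN = set().union(*REQUIRED_BY_COMPONENT.values())


def check_auth_response(response_type, redirect_url):
    """Return a list of problems in a fragment-encoded authorization response."""
    params = set(parse_qs(urlsplit(redirect_url).fragment))
    required = set()
    for component in response_type.split():
        required |= REQUIRED_BY_COMPONENT.get(component, set())
    problems = [f"missing {name}" for name in sorted(required - params)]
    # A token parameter the request never asked for is flagged as well (assumed policy).
    extra = (params & ALL_KNOWN) - required
    problems += [f"unexpected {name}" for name in sorted(extra)]
    return problems


# Constructed sample responses with placeholder values, not real tokens.
CB = "https://client.example.org/cb#"
SAMPLES = [
    # Shape of the example discussed in the thread: code + id_token only.
    ("code id_token", CB + "code=abc123&id_token=hdr.payload.sig&state=xyz"),
    # access_token requested and returned, but token_type left out.
    ("code id_token token",
     CB + "code=abc123&id_token=hdr.payload.sig&access_token=at456&state=xyz"),
    # Token parameters returned although the request did not include "token".
    ("code id_token",
     CB + "code=abc123&id_token=hdr.payload.sig"
          "&access_token=at456&token_type=Bearer&state=xyz"),
]

if __name__ == "__main__":
    for response_type, url in SAMPLES:
        print(f"{response_type!r}: {check_auth_response(response_type, url) or 'ok'}")
```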