prompt=create implicit example undefined behaviour?

This example in the prompt=create spec:

‌

 GET /as/authorization.oauth2?response_type=token
     &client_id=example-client
     &state=XzZaJlcwYew1u0QBrRv_Gw
     &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Eorg%2Fcb
     &prompt=create
     &scope=openid%20profile HTTP/1.1
  Host: authorization-server.example.com

I think invokes undefined behaviour, as response_type=token combined with scope=openid don’t have defined behaviour? It might be better to include id_token in the response_type.

Comments (3)