Standard - 4.2.2 inconsistent definition of "code token" response type / flow
Issue #206
resolved
4.2.2. Authorization Code Flow
"To use the Implicit Flow, the client simply requests for an Access Token to be returned in the Authorization Request. To use the Authorization Code Flow, the client requests for an Authorization Code to be returnd in the Authorization Request."
This is inconsistent with allowing both "code token" at the same type. One cannot determine whether such a request is Implicit flow or Code flow based on the text quoted above, it implies that both flow qualify.
Comments (2)
-
-
-
assigned issue to
- changed status to resolved
I changed that and cleaned up the response types.
-
assigned issue to
- Log in to comment
We should see also "4.2.1. How To Get An Authorization Code, Access Token, and ID Token".