Use Bearer in token_type in Implicit Flow response example

Issue #985 resolved
Iván Perdomo created an issue

The section "Successful Token Response" ( states that the token_type MUST be Bearer as as specified in OAuth 2.0 Bearer Token Usage [RFC6750]. However there is another example that uses bearer in token_type. See section "Successful Authentication Response" (

  HTTP/1.1 302 Found
    &id_token=eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso

That example does not follow the RFC6750

Comments (6)

  1. Ray Luo

    Hi Mr. Jones, thanks for clarifying this confusing topic by your unambiguous commit!

    But those changes have not (yet?) been published to the OIDC specs hosted on, for example, not in this “ Successful Token Response“ section ( In fact, the metadata at the very top of that published specs contains some keywords like “Final”, “November 8, 2014”, “OpenID Connect Core 1.0 incorporating errata set 1“. Is it really up-to-date?

    PS: I work for Microsoft and maintain one of its authentication SDK. Would like to better understand this specs. Thanks for your time reading this.

  2. Log in to comment