response_type and grant_type in OAuth2.0/OIDC specifications

I am currently working on the specification "CIBA" of OpenID. This specification says it is mandatory to have a new grant_type urn:openid:params:grant-type:ciba. So I am writing a new grant_type [handlers & validators for them]. But is it essential to write a new response_type? Can't we use response_type=code in the authorization request and then use grant_type=urn:openid:params:grant-type:ciba in the token request to get Access & ID Token from IdP?

Upvotes: 1

Views: 226

Answers (1)

Takahiko Kawasaki

Reputation: 19001

All the CIBA flows are started by sending a request to a backchannel authentication endpoint, not to an authorization endpoint.

The backchannel authentication endpoint is a new endpoint defined in the CIBA specification. The endpoint does not recognize the response_type parameter, so you don't have to care about values for the parameter. Note that CIBA flows don't use the authorization endpoint.

See “CIBA”, a new authentication/authorization technology in 2019, explained by an implementer for details.

Upvotes: 2
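
The two requests the answer describes, as an added sketch that is not part of the original answer and not taken from any IdP's code base. It assumes poll mode and an already-authenticated client; the handler names, the in-memory `PENDING` store and the token values are hypothetical.

```python
# Added sketch: handler names, the PENDING store and the token values are hypothetical.
import secrets

CIBA_GRANT = "urn:openid:params:grant-type:ciba"
HINTS = ("login_hint_token", "id_token_hint", "login_hint")
PENDING = {}  # auth_req_id -> request state; stands in for a real datastore


def backchannel_authentication(params, client_id):
    """Backchannel authentication endpoint. The client is assumed authenticated."""
    params = dict(params)
    # response_type belongs to the authorization endpoint; here it is simply dropped.
    params.pop("response_type", None)
    if "openid" not in params.get("scope", "").split():
        return 400, {"error": "invalid_scope"}  # error code chosen for this sketch
    if sum(h in params for h in HINTS) != 1:  # exactly one user hint is required
        return 400, {"error": "invalid_request"}
    auth_req_id = secrets.token_urlsafe(32)  # unguessable handle for the token request
    PENDING[auth_req_id] = {"client_id": client_id, "approved": False}
    return 200, {"auth_req_id": auth_req_id, "expires_in": 120, "interval": 5}


def approve(auth_req_id):
    """Stand-in for the user consenting on the authentication device."""
    PENDING[auth_req_id]["approved"] = True


def token(params, client_id):
    """Token endpoint, CIBA grant only. The client is assumed authenticated."""
    if params.get("grant_type") != CIBA_GRANT:
        return 400, {"error": "unsupported_grant_type"}
    state = PENDING.get(params.get("auth_req_id"))
    # Unknown id, or an id issued to a different client, must not yield tokens.
    if state is None or state["client_id"] != client_id:
        return 400, {"error": "invalid_grant"}
    if not state["approved"]:
        return 400, {"error": "authorization_pending"}  # client polls again later
    del PENDING[params["auth_req_id"]]  # single use
    return 200, {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                 "id_token": "<constructed-placeholder>"}


if __name__ == "__main__":
    _, resp = backchannel_authentication(
        {"scope": "openid", "login_hint": "alice@example.com", "response_type": "code"}, "client-a")
    req = {"grant_type": CIBA_GRANT, "auth_req_id": resp["auth_req_id"]}
    print(token(req, "client-a")[1])
    approve(resp["auth_req_id"])
    print(token(req, "client-a")[0])
```
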
