Hello there,
We have a client who wants to use Hybrid Flow for an OIDC implementation, and for that I need to make sure what the request and response would be that the OAuth server will receive and send.
For example:
Auth request:
https://myOIDC.domain.com/auth/oauth/v2/authorize?client_id=65c6e887-bfda-4239-8449-1d1f1cf2e1kr&response_type=code%20id_token&redirect_uri=https://clientApp_callbackURL&scope=openid%20offline_access%20profile%20email&response_mode=form_post&nonce=637193795768817490.MmVlZmZhZjAtYjg2MC00MjkyLWJkNWUtYzM5N2FiMWU0YmMzNDlkZTExY2UtZDRjMC00ZDM2LTk5ZGYtMzY1ZmUzNGJiOTZm&state=%2f1234
What will be the response from the OAuth server for the above request?
As per the doc, for CODE flow, the client should receive this:
Header: 302
Header: Location: the-redirect-uri?code=an-authorization-code&state=thegiven-state
For response_type=token id_token, the response from OAuth will be ...
Header: 302
Header: Location: the-redirect-uri?state=the-givenstate#access_token=an-access_token&expires_in=lifetimein-seconds&token_type=Bearer&scope=grantedscope&id_token=an-id-token-represented-asjwt&id_token_type=urn%3Aietf%3Aparams%3Aoauth%3Agranttype%3Ajwt-bearer
However, for response_type=CODE ID_TOKEN and response_mode=form_post, what will be the response from the OAuth server?
Thanks
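
Added example, not part of the original post and not the vendor's code: under OpenID Connect Core and the OAuth 2.0 Form Post Response Mode specification, a `code id_token` request with `response_mode=form_post` is answered with an HTTP 200 HTML page that auto-submits `code`, `id_token` and `state` as form fields in a POST to the redirect URI, instead of a 302 with parameters in the URL. The Python below shows the checks a client would run on that POST body (state, nonce, and the `c_hash` binding between code and ID token). It assumes this server follows those specifications; the function names and the sample values are constructed for illustration.

```python
import base64
import hashlib
import json
from urllib.parse import parse_qs, urlencode

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_json(segment: str) -> dict:
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def c_hash(code: str) -> str:
    # OIDC Core 3.3.2.11: base64url of the left half of SHA-256(code) for *256 algs
    digest = hashlib.sha256(code.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])

def check_hybrid_form_post(body: str, expected_state: str, expected_nonce: str) -> str:
    """Validate the POSTed fields at the redirect URI; return the code to redeem."""
    form = {k: v[0] for k, v in parse_qs(body, strict_parsing=True).items()}
    if "error" in form:
        raise ValueError("authorization error: " + form["error"])
    if form.get("state") != expected_state:
        raise ValueError("state mismatch")
    header_seg, payload_seg, _sig = form["id_token"].split(".")
    # Assumption: the JWS signature is verified against the server's keys elsewhere.
    if not b64url_json(header_seg).get("alg", "").endswith("256"):
        raise ValueError("unsupported alg for c_hash")
    claims = b64url_json(payload_seg)
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    if claims.get("c_hash") != c_hash(form["code"]):
        raise ValueError("c_hash mismatch: code not bound to this id_token")
    return form["code"]

def make_sample_body(code: str, state: str, nonce: str) -> str:
    # Constructed sample: unsigned token with a placeholder signature segment.
    header = b64url(json.dumps({"alg": "RS256"}).encode())
    payload = b64url(json.dumps({"nonce": nonce, "c_hash": c_hash(code)}).encode())
    return urlencode({"code": code, "id_token": f"{header}.{payload}.sig", "state": state})

if __name__ == "__main__":
    body = make_sample_body("an-authorization-code", "/1234", "constructed-nonce")
    print(check_hybrid_form_post(body, "/1234", "constructed-nonce"))
```

The returned code is then exchanged at the token endpoint as in the plain code flow; a code that arrives without a matching `c_hash` should be discarded rather than redeemed.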