[Openid-specs-ab] Issue #1200: Impact of Implicit Grant Removal in OAuth 2.1 (openid/connect)

ritou issues-reply at bitbucket.org
Thu Oct 22 15:42:46 UTC 2020


New issue 1200: Impact of Implicit Grant Removal in OAuth 2.1
https://bitbucket.org/openid/connect/issues/1200/impact-of-implicit-grant-removal-in-oauth

Ryo Ito:

One developer asked me about the synchronization of the OIDC and OAuth 2.1 specifications.  
'If Implicit Grant is omitted in OAuth 2.1, what will happen to OIDC's Hybrid Flow?'

He is concerned that of the multiple Response Type combinations defined in "OAuth 2.0 Multiple Response Type Encoding Practices", only "code id_token" will be allowed to be used.

The summary is here.  
https://ritou.medium.com/about-the-future-of-oauth-2-0-multiple-response-types-7e4dac8ceb37

Will OIDC continue to allow the use of "token id_token" and "code token id_token"?  
If not, what changes will be required for RPs using Hybrid Flow?




