[Openid-specs-ab] OpenID query - Hybrid Flow Authentication

Nughmman Butt nughmman.butt at gmail.com
Thu Mar 7 12:49:56 UTC 2019


Hello,


I am going through the following website:


https://openid.net/specs/openid-connect-core-1_0.html

My query relates to the Hybrid Flow Authentication.

*Section 3.3.2.5 Successful Authentication Response states:*


"code
Authorization Code. This is always returned when using the Hybrid Flow."

*section 3.3.2.8. Authentication Response Validation, clause 5 states:*



"Follow the Authorization Code validation rules in Section 3.3.2.10 when
the response_type value used is *code id_token* or *code id_token token*."

Shouldn't clause 5 mention all 3 hybrid flow response types i.e
code id_token, code id_token token *AND CODE TOKEN*?

Please advise.

Rgds
Nughmman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190307/71b4bfeb/attachment.html>


More information about the Openid-specs-ab mailing list