[Openid-specs-ab] Issue #1771: SIOP response_types_supported (openid/connect)
Brian Campbell
issues-reply at bitbucket.org
Fri Jan 6 17:55:11 UTC 2023
New issue 1771: SIOP response_types_supported
https://bitbucket.org/openid/connect/issues/1771/siop-response_types_supported
Brian Campbell:
[https://openid.net/specs/openid-connect-self-issued-v2-1\_0-12.html#section-6.1-6.3.1](https://openid.net/specs/openid-connect-self-issued-v2-1_0-12.html#section-6.1-6.3.1)
Says that AS/OP `response_types_supported` metadata is “A JSON array of strings representing supported response types. MUST be `id_token`”. An array can’t be a string but more importantly this reads as though it precludes other response types like authorization code that are discussed elsewhere in the document as being usable.
Is this intentional?
Should it rather say something like “MUST include id\_token”?
More information about the Openid-specs-ab
mailing list