[Openid-specs-fapi] Issue #250: certification clarification request: grant_types_supported in discovery (openid/fapi)
issues-reply at bitbucket.org
Thu Jul 18 10:04:08 UTC 2019
New issue 250: certification clarification request: grant_types_supported in discovery
Can the FAPI WG provide clarity on their understanding of the discovery spec please, in particular from [https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata) ‘grant_types_supported’ is defined as:
> OPTIONAL. JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports. Dynamic OpenID Providers MUST support the authorization_code and implicit Grant Type values and MAY support other Grant Types. If omitted, the default value is ["authorization_code", "implicit"].
Is it considered compliant for a server to support a grant type (in this case refresh_token) and not list it in grant_types_supported?
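
As an added example (not part of the original issue or of any OpenID conformance tooling), this check surfaces the situation the issue asks about: it applies the quoted default when `grant_types_supported` is omitted and lists grant types a token endpoint accepted that discovery does not advertise. The metadata document, the token exchange records and the function names are constructed for illustration.

```python
import json

# Default from the quoted definition, used when grant_types_supported is omitted.
DEFAULT_GRANT_TYPES = ["authorization_code", "implicit"]


def advertised_grant_types(metadata: dict) -> list:
    """Return the effective grant_types_supported, applying the default if omitted."""
    if "grant_types_supported" not in metadata:
        return list(DEFAULT_GRANT_TYPES)
    value = metadata["grant_types_supported"]
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise ValueError("grant_types_supported must be a JSON array of strings")
    return value


def unadvertised_grants(metadata: dict, token_exchanges: list) -> list:
    """Grant types the token endpoint accepted (HTTP 200) but discovery does not list."""
    advertised = set(advertised_grant_types(metadata))
    accepted = {e["grant_type"] for e in token_exchanges if e["status"] == 200}
    return sorted(accepted - advertised)


# Constructed discovery document (assumption: a hypothetical OP at op.example.com).
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://op.example.com",
  "token_endpoint": "https://op.example.com/token",
  "grant_types_supported": ["authorization_code"]
}""")

# Constructed record of token requests observed during a test run.
SAMPLE_EXCHANGES = [
    {"grant_type": "authorization_code", "status": 200},
    {"grant_type": "refresh_token", "status": 200},
    {"grant_type": "client_credentials", "status": 400},
]

if __name__ == "__main__":
    print(unadvertised_grants(SAMPLE_METADATA, SAMPLE_EXCHANGES))
```
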