[Openid-specs-fapi] Issue #250: certification clarification request: grant_types_supported in discovery (openid/fapi)

josephheenan issues-reply at bitbucket.org
Thu Jul 18 10:04:08 UTC 2019


New issue 250: certification clarification request: grant_types_supported in discovery
https://bitbucket.org/openid/fapi/issues/250/certification-clarification-request

Joseph Heenan:

Can the FAPI WG provide clarity on their understanding of the discovery spec please, in particular from [https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata) ‘grant_types_supported’ is defined as:

> grant_types_supported
> OPTIONAL. JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports. Dynamic OpenID Providers MUST support the authorization_code and implicit Grant Type values and MAY support other Grant Types. If omitted, the default value is ["authorization_code", "implicit"].

Is it considered compliant for a server to support a grant type (in this case refresh_token) and not list it in grant_types_supported?



