stackoom
  简体   繁体   中英

OIDC Authorization Code flow /token response

 原文  2022-08-04 20:33:35       oauth-2.0/ openid-connect/ access-token

Question

Is it possible for /token endpoint to just return id_token and not access_token in case of authorization code flow? I could not find anything mentioned around this in OIDC spec the way I read it. I would appreciate and pointers in documentation around this.

1 answers

solution1
 0  2022-08-05 10:43:37

According to section 3.1.3.3 in the spec it says

After receiving and validating a valid and authorized Token Request from the Client, the Authorization Server returns a successful response that includes an ID Token and an Access Token.

So I guess you always gets both, but its up to you to ignore the tokens you don't care about.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question [node oidc provider]: Authorization code flow Refresh Token Flow With Authorization Code Flow Automated Tests: OIDC: Authorization Code Flow with PKCE: Login credentials Authorization Code Flow with PKCE in Angular with angular-oauth2-oidc oAuth2 oidc code flow with Angular8 - unable to read authorization code form URL Error getting a new token with a valid refresh token with authorization code flow Angular with OAuth 2 Authorization Code grant flow using angular-oauth2-oidc Using a third party site for OAuth2 / OIDC authorization code flow- understanding the final steps .NET Framework, OIDC; How to properly authenticate a user in an authorization code based sign-in flow? Exchanging a code for a token in OpenID Connect authorization code flow
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM