id_ token
Registry Context
The id_token value is an extension authorization endpoint response type. RFC 6749 requires authorization requests to include response_type, requires its value to be code, token, or a registered extension value, and requires an error response when the value is not understood.
Technical Summary
The name id_token conforms to the RFC 6749 response-type ABNF. RFC 6749 does not define the response semantics of id_token; those are defined by its extension specification.
When Used
Used when an authorization request invokes an extension specification that defines the id_token response type.
Normative Requirements
Clients
RFC 6749 - Section 3.1.1
Use code, token, or a registered extension value as the response_type value..
Condition: When setting response_type in an authorization request; id_token therefore has to be a registered extension value.
The value MUST be one of "code", "token", or a registered extension value.
RFC 6749 - Section 3.1.1
Include the response_type parameter in the authorization request..
Condition: When sending an authorization request using the id_token response type.
response_type REQUIRED.
Authorization servers
RFC 6749 - Section 3.1.1
Return an error response when the id_token response type is not understood..
Condition: When an authorization request uses response_type=id_token and the authorization server does not understand it.
the authorization server MUST return an error response as described in Section 4.1.2.1.
Extension specifications and registry submitters
RFC 6749 - Section 8.4
Ensure the id_token response type name conforms to the response-type ABNF..
Condition: When defining and registering the response type.
Response type names MUST conform to the response-type ABNF.
Validation Guidance
Verify that an authorization request using id_token includes the response_type parameter.
Verify that id_token is handled as a registered extension response_type value rather than as a response type defined by RFC 6749 itself.
Validate id_token against the RFC 6749 response-type ABNF: response-name = 1*response-char; response-char = "_" / DIGIT / ALPHA.
Return an OAuth authorization error response when response_type=id_token is not understood.
Reference
OAuth 2.0 Multiple Response Type Encoding Practices
Details
- Entry Id
id_token - Name
id_token - Change Controller
OpenID_Foundation_ Artifact_ Binding_ WG - Reference
OAuth 2.0 Multiple Response Type Encoding Practices