oauth2.dev

none

OpenID_Foundation_Artifact_Binding_WG

Registry Context

`none` is a registered extension response type for the OAuth authorization endpoint. RFC 6749 governs its use as an extension value and its syntax, but does not define the item-specific response semantics of `none`.

Technical Summary

The value `none` conforms to the RFC 6749 response-name syntax. A client can use it as the required `response_type` parameter because it is a registered extension value. An authorization server that does not understand it must return an authorization error response.

When Used

Used as the authorization request's `response_type` value when the applicable extension or profile defines and supports `none`; its response semantics are defined outside RFC 6749.

Normative Requirements

Clients

MUST
  1. RFC 6749 - Section 3.1.1

    use `code`, `token`, or a registered extension value such as `none` as the authorization request's `response_type` value.

    Condition: when supplying the `response_type` parameter

    The value MUST be one of "code", "token", or a registered extension value.

REQUIRED
  1. RFC 6749 - Section 3.1.1

    include the `response_type` parameter in the authorization request.

    Condition: when making an authorization request, including one using `none`

    response_type REQUIRED.

Authorization servers

MUST
  1. RFC 6749 - Section 3.1.1

    return an error response as described in RFC 6749 Section 4.1.2.1.

    Condition: when the authorization request omits `response_type` or supplies a response type the authorization server does not understand

    the authorization server MUST return an error response as described in Section 4.1.2.1.

Response types

MUST
  1. RFC 6749 - Section 8.4

    conform to the response-type ABNF, where each response name consists of one or more characters, each of which is an underscore, digit, or letter.

    Condition: when defining or validating an authorization endpoint response type

    Response type names MUST conform to the response-type ABNF.

Validation Guidance

error

Verify that `none` matches the RFC 6749 response-name syntax.

error

Accept `none` as a `response_type` value only where the registered extension is supported and understood by the authorization server.

error

Reject an authorization request that omits the `response_type` parameter.

error

When `none` is not understood, return the authorization error response specified by RFC 6749 Section 4.1.2.1 rather than interpreting it as another response type.
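
The four checks above as a single validation routine. This is an added example, not code from RFC 6749 or the registry; the function name, the `UNDERSTOOD` set, and the pairing of each failure with the `invalid_request` or `unsupported_response_type` error code from RFC 6749 Section 4.1.2.1 are assumptions made for illustration.

```python
import re

# RFC 6749 Section 8.4: response-char = "_" / DIGIT / ALPHA (ASCII only).
RESPONSE_NAME = re.compile(r"[A-Za-z0-9_]+")

# Assumption: a hypothetical server that understands exactly these types.
UNDERSTOOD = {frozenset({"code"}), frozenset({"none"})}


def check_response_type(params, understood=UNDERSTOOD):
    """Return (response_names, None) on success or (None, error_code).

    Error codes are those of RFC 6749 Section 4.1.2.1; which code goes
    with which failure is this example's choice.
    """
    value = params.get("response_type")
    if not value:
        return None, "invalid_request"        # parameter is REQUIRED
    names = value.split(" ")                  # names are separated by one SP
    if not all(RESPONSE_NAME.fullmatch(n) for n in names):
        return None, "invalid_request"        # fails the response-type ABNF
    requested = frozenset(names)              # order of names does not matter
    if len(requested) != len(names):
        return None, "invalid_request"        # repeated response name
    if requested not in understood:
        # Never reinterpret the value as some other response type.
        return None, "unsupported_response_type"
    return requested, None


# Constructed sample requests (query parameters already URL-decoded).
SAMPLES = [
    {"response_type": "none", "client_id": "example-client"},
    {"client_id": "example-client"},                     # parameter omitted
    {"response_type": "no-ne"},                          # "-" is not allowed
    {"response_type": "none"},                           # checked against a
]                                                        # server without `none`

if __name__ == "__main__":
    code_only = {frozenset({"code"})}
    for i, request in enumerate(SAMPLES):
        known = code_only if i == 3 else UNDERSTOOD
        print(request, "->", check_response_type(request, known))
```
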

Reference

OAuth 2.0 Multiple Response Type Encoding Practices

Details

Entry Id: none
Name: none
Change Controller: OpenID_Foundation_Artifact_Binding_WG
Reference: OAuth 2.0 Multiple Response Type Encoding Practices