  1. OpenAM
  2. OPENAM-16572

OIDC auth code grant always receives an access and an id token

      Description

      Docs say you can get an id token only when using the auth code grant, but it is not possible. You always get both, because the request ends in the access_token endpoint, and the endpoint will always return an access token.

      If the customer doesn't want the access token, they can revoke it or filter it using IG.

      It is possible though in the implicit and hybrid grants because you request the token types you want, instead of just the code.
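
The workaround the description mentions (keep the ID token, revoke the access token), sketched as an added example that is not part of the original issue or of OpenAM's code. The revocation URL, client credentials and token values are constructed placeholders, and the request shape assumes RFC 7009 revocation with `client_secret_post` client authentication.

```python
import json
import urllib.request
from urllib.parse import urlencode

# Assumption: placeholder revocation endpoint; substitute your deployment's URL.
REVOCATION_ENDPOINT = "https://am.example.com/oauth2/token/revoke"

# Constructed sample of what the token endpoint returns after a code exchange
# with scope "openid": an access token is always present next to the ID token.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "constructed-access-token",
    "id_token": "constructed.id.token",
    "token_type": "Bearer",
    "expires_in": 3599,
    "scope": "openid profile",
})


def split_token_response(body):
    """Return (id_token, unwanted), where unwanted maps token type -> value."""
    data = json.loads(body)
    if "id_token" not in data:
        raise ValueError("no id_token in response: was the 'openid' scope requested?")
    # A refresh token, if one was issued, is treated as unwanted too, since
    # RFC 7009 does not require that revoking an access token revokes it.
    unwanted = {kind: data[kind]
                for kind in ("access_token", "refresh_token") if kind in data}
    return data["id_token"], unwanted


def build_revocation_request(token, hint, client_id, client_secret):
    """Build (without sending) an RFC 7009 revocation POST for one token."""
    form = urlencode({
        "token": token,
        "token_type_hint": hint,
        "client_id": client_id,          # client_secret_post is an assumption;
        "client_secret": client_secret,  # use the client's registered auth method
    }).encode()
    return urllib.request.Request(
        REVOCATION_ENDPOINT, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def id_token_only(body, client_id, client_secret):
    """Keep the ID token and prepare revocation requests for everything else."""
    id_token, unwanted = split_token_response(body)
    requests = [build_revocation_request(value, kind, client_id, client_secret)
                for kind, value in unwanted.items()]
    return id_token, requests
```

Each returned request can be sent with `urllib.request.urlopen` over TLS; the tokens should be treated as live until the revocation call succeeds.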

       

            People

            cristina.herraz Cristina Herraz [X] (Inactive)