GrantTypes
In Identity Server each client must define what it “grants”, what information does it allow, thus determining what flow is suitable for it.
A Code type is an authorization flow, meaning that it allows an authorization code from the Authorization EndPoint, and an access token from the Token endpoint
To assign a grant type in IdentityServer you have to specify it in the AllowedGrantTypes:
Looking a bit under the hood (you can look for IdentityServer4 git source project) there are 6 types of grants defined:
In IdentityServer source the predefined grant types are :
Response Types
The response type is provided by the client app when it creates the redirect url to the authorization end point. There are 3 values that can be mixed and based on these values, a certain flow is determined.
A response_type actually means what information does the client expects from the Authorization Endpoint.
In RFC6749 the value of response_type is either code or token. OpenID adds a new value id_token
Response type combinations
| code |
| token |
| id_token |
| id_token token |
| code id_token |
| code token |
| code id_token token |
| none |
Flows matching response types
| AuthorizationCode | code |
| Implicit | token |
| Implicit | id_token |
| Hybrid | id_token token |
| Hybrid | code id_token |
| Hybrid | code token |
| Hybrid | code id_token token |
| – | none |
Leave a Comment