GrantTypes
In IdentityServer each client must define what it "grants", that is, what information it allows, which in turn determines what flow is suitable for it.
The Code type is an authorization flow, meaning that it allows an authorization code from the authorization endpoint and an access token from the token endpoint.
To assign a grant type in IdentityServer you have to specify it in the AllowedGrantTypes:
Looking a bit under the hood (you can look at the IdentityServer4 git source project), there are 6 types of grants defined:
In the IdentityServer source the predefined grant types are:
Response Types
The response type is provided by the client app when it creates the redirect URL to the authorization endpoint. There are 3 values that can be mixed, and based on these values a certain flow is determined.
The response_type states what information the client expects from the authorization endpoint.
In RFC 6749 the value of response_type is either code or token. OpenID adds a new value, id_token.
Response type combinations
code
token
id_token
id_token token
code id_token
code token
code id_token token
none
Flows matching response types
AuthorizationCode | code
Implicit | token
Implicit | id_token
Hybrid | id_token token
Hybrid | code id_token
Hybrid | code token
Hybrid | code id_token token
– | none
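As an added example (not code from IdentityServer or from this post), here is a server-side check that derives the flow from a requested response_type and refuses it when the client was not configured for that flow. The class and method names and the flow strings are assumptions of this sketch; it treats every combination without code as Implicit, which is how OpenID Connect Core classifies id_token token.

```csharp
using System;
using System.Collections.Generic;

public static class ResponseTypeCheck
{
    // Values defined by RFC 6749 (code, token) and OpenID Connect (id_token).
    static readonly HashSet<string> Known = new HashSet<string> { "code", "token", "id_token" };

    // Returns the flow for a response_type, or null when the value maps to no
    // flow (empty input, unknown value such as "none", or a repeated value).
    public static string FlowFor(string responseType)
    {
        var parts = (responseType ?? "").Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        var set = new HashSet<string>(parts);
        if (parts.Length == 0 || set.Count != parts.Length || !set.IsSubsetOf(Known))
            return null;
        // The values form a set, so "id_token code" and "code id_token" are the same request.
        if (set.Contains("code"))
            return set.Count == 1 ? "authorization_code" : "hybrid";
        return "implicit"; // token, id_token, or both, with no code
    }

    // A request is acceptable only if its flow is one the client was configured for.
    public static bool IsAllowed(string responseType, ICollection<string> allowedGrantTypes)
    {
        var flow = FlowFor(responseType);
        return flow != null && allowedGrantTypes.Contains(flow);
    }

    public static void Main()
    {
        // Constructed sample: a client configured for the authorization code flow only.
        var allowed = new[] { "authorization_code" };
        foreach (var rt in new[] { "code", "token", "id_token code", "code code", "none" })
        {
            var flow = FlowFor(rt) ?? "invalid";
            Console.WriteLine($"{rt,-15} flow={flow,-20} allowed={IsAllowed(rt, allowed)}");
        }
    }
}
```

Only the first sample request is allowed for this client: token and id_token code resolve to flows the client never granted, and the last two resolve to no flow at all.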