In IdentityServer, each client must define what it “grants”, that is, what information it allows, which determines which flow is suitable for it.
A Code type is an authorization flow, meaning that it allows an authorization code from the Authorization Endpoint and an access token from the Token Endpoint.
To assign a grant type in IdentityServer you have to specify it in the AllowedGrantTypes:
Looking a bit under the hood (you can look at the IdentityServer4 source project on git), there are 6 types of grants defined:
In the IdentityServer source, the predefined grant types are:
The response type is provided by the client app when it creates the redirect URL to the authorization endpoint. There are 3 values that can be mixed, and a certain flow is determined based on these values.
A response_type actually means what information the client expects from the Authorization Endpoint.
In RFC 6749 the value of response_type is either code or token. OpenID adds a new value, id_token.
Response type combinations
|code id_token token|
Flows matching response types
|Hybrid||code id_token token|
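
As an added example (not from the original post and not IdentityServer's own code), the following C# program maps a response_type value to the flow it selects and rejects a request whose flow the client was not granted. The class and method names are hypothetical; the grant type strings are the values of IdentityServer4's GrantType constants, and the sample client and inputs are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added illustration; not IdentityServer source code.
public static class ResponseTypeCheck
{
    // Grant type strings as used by IdentityServer4's GrantType constants.
    public const string Code = "authorization_code";
    public const string Implicit = "implicit";
    public const string Hybrid = "hybrid";

    // Maps a response_type value to the flow it selects.
    // Returns null when the value is not a valid combination.
    public static string FlowFor(string responseType)
    {
        var parts = (responseType ?? "").Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        // Order does not matter; empty, repeated or unknown values are rejected.
        if (parts.Length == 0 || parts.Distinct().Count() != parts.Length) return null;
        if (parts.Any(p => p != "code" && p != "id_token" && p != "token")) return null;

        if (!parts.Contains("code")) return Implicit;  // token, id_token, id_token token
        return parts.Length == 1 ? Code : Hybrid;      // code alone, or code plus others
    }

    // The request passes only if the client was granted the flow it asks for.
    public static bool IsAllowed(ICollection<string> allowedGrantTypes, string responseType)
    {
        var flow = FlowFor(responseType);
        return flow != null && allowedGrantTypes.Contains(flow);
    }

    public static void Main()
    {
        // Constructed client configuration: the code flow only.
        var allowed = new List<string> { Code };
        // Constructed response_type values, valid and invalid.
        foreach (var rt in new[] { "code", "token id_token code", "id_token", "code code", "none" })
        {
            var flow = FlowFor(rt) ?? "(invalid)";
            Console.WriteLine($"{rt,-20} flow={flow,-19} allowed={IsAllowed(allowed, rt)}");
        }
    }
}
```

With the constructed client above, only `code` is accepted: `token id_token code` resolves to the hybrid flow and `id_token` to the implicit flow, neither of which the client was granted, and the last two values are not valid combinations at all.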