The following diagrams describe the authorization flow based on the response_type and optionally the scope (if it includes the openid scope).
The pictures and information are described in details in the following material:
response_type = code The request is an authorization code flow.If openid is included in the scope then an ID token is issued agains the token end point.
If the scope includes openid
If the scope does not include openid
response_type = tokenThe request requires an implicit flow. This request demands an access_token from the authorization endpoint. This flow works without user authentication, no id_token can be generated, therefore openid scope is not supported
response_type = id_tokenAn Id token is issued from the authorization end point. This flow does not use the token end point
response_type = id_token tokenAn id token and an authorization code are issued from the authorization end point
response_type=code id_tokenAn authorization code and an id token are issued from the authorization end point. An access token and an id token are issue from the token end point.
response_type = code tokenAn authorization code and an access token are issued from the authorization end point. An access token is issued from the token end point.
- if openid is not included in the scope, the IDToken is not included in the response.
response_type=code id_token tokenAn authorization code,an access token and an id_token are issued from the authorization code. An access token and an ID token are included from the token endpoint.
The openid scope is not included in the scope the IDToken is not issued