50 of 238

RP metadata unnecessarily requires a value for response_types

Description

The RP/client metadata specified at dynamic client registration [1] defines response_types as optional. If omitted, the default value is code. Same logic is also used in the OAuth2 equivalent [2], so we should not require any value to be set in the metadata.

[1] https://openid.net/specs/openid-connect-registration-1_0.html

[2] https://datatracker.ietf.org/doc/html/rfc7591

Environment

None

blocks

Details

Assignee

Reporter

Components

Created May 2, 2025 at 12:00 PM
Updated May 2, 2025 at 12:19 PM

Activity