When a response_type parameter contains id_token


When the response_type parameter of an authorization request contains id_token in its value, the scope parameter of the request must contains openid in its value. 


When calling the Authlete /auth/authorization API, if the response_type in the parameters contains id_token, please make the scope parameter contains openid in its value. 

Otherwise, the API will return the response like below.

  "type": "authorizationResponse",
  "resultCode": "A004302",
  "resultMessage": "[A004302] The value of 'response_type' (id_token) is not allowed when 'scope' does not contain 'openid'.",
  "action": "BAD_REQUEST",
  "client": ...

How did we do with this article?