Configuring a Response Type Constraints instance
The Response Type Constraints policy plugin allows administrators to control which flows are allowed for clients created through the OAuth 2.0 Dynamic Client Registration protocol.
About this task
Configure an instance of the Response Type Constraints policy to limit which of the following response_types parameter values are allowed:
- code
- code id_token
- code id_token token
- code token
- id_token
- id_token token
- token
For more information about flows and response types, see the OpenID Connect specification.
Steps
- Go to System → OAuth Settings → Client Registration Policies.
  Choose from:
  - To configure a new instance, click Create New Instance.
  - To modify an existing instance, select it under Instance Name.
- On the Type tab, enter a name and an ID for a new instance, and then select Response Type Constraints from the Type list.
  When modifying an existing policy plugin instance, you can only change the Instance Name field.
- On the Instance Configuration tab, clear the applicable check boxes to remove the unwanted response types.
  All response types are allowed by default.
- On the Summary tab, review the plugin configuration. Click Done.
- In the Client Registration Policy Instances window, click Save.
Result
Like other Client Registration Policy plugins, an instance of the Response Type Constraints policy plugin is not enforced, or executed as part of the dynamic client registration process, until it is selected in System → OAuth Settings → Client Registration Policies.
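To show what clearing check boxes means for incoming registration requests, the following added example (not product code and not part of the original page) models the allowlist decision for the response_types member of a dynamic client registration request. The function names, sample policy and sample requests are constructed; the order-insensitive comparison, the default of code when response_types is omitted, and the invalid_client_metadata error code follow the OAuth 2.0 and RFC 7591 specifications and are assumptions about, not statements of, the product's behavior.

```python
import json

def canonical(response_type):
    # Order of the space-separated values does not matter:
    # "token id_token" and "id_token token" are the same response type.
    return frozenset(response_type.split())

def check_registration(request_body, allowed):
    """Return (accepted, rejected_values) for one registration request body."""
    metadata = json.loads(request_body)
    # RFC 7591: when response_types is omitted, the client defaults to ["code"].
    requested = metadata.get("response_types", ["code"])
    if not isinstance(requested, list) or not all(isinstance(v, str) for v in requested):
        return False, [json.dumps(requested)]
    allowed_set = {canonical(v) for v in allowed}
    rejected = [v for v in requested if canonical(v) not in allowed_set]
    return not rejected, rejected

def error_response(rejected):
    # invalid_client_metadata is the RFC 7591 error code for rejected metadata;
    # the page does not say what the product itself returns (assumption).
    return {"error": "invalid_client_metadata",
            "error_description": "response_types not allowed: " + ", ".join(rejected)}

# Constructed policy: every check box cleared except "code" and "code id_token".
SAMPLE_ALLOWED = ["code", "code id_token"]

# Constructed registration request bodies.
SAMPLE_REQUESTS = [
    '{"redirect_uris": ["https://client.example/cb"], "response_types": ["code"]}',
    '{"redirect_uris": ["https://client.example/cb"]}',
    '{"redirect_uris": ["https://client.example/cb"], "response_types": ["id_token code"]}',
    '{"redirect_uris": ["https://client.example/cb"], "response_types": ["code", "token"]}',
    '{"redirect_uris": ["https://client.example/cb"], "response_types": "token"}',
]

def audit(requests, allowed):
    """Return one decision per request: None if accepted, else the error body."""
    results = []
    for body in requests:
        ok, rejected = check_registration(body, allowed)
        results.append(None if ok else error_response(rejected))
    return results

if __name__ == "__main__":
    for body, decision in zip(SAMPLE_REQUESTS, audit(SAMPLE_REQUESTS, SAMPLE_ALLOWED)):
        print("ACCEPT" if decision is None else "REJECT", body, decision or "")
```

Running the same set of requests against a test instance before and after saving the policy is a practical way to confirm the instance has actually been selected and is being enforced.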