Configure an instance of the Response Type Constraints policy plugin to limit which of the following response_types parameter values are allowed:
- code
- code id_token
- code id_token token
- code token
- id_token
- id_token token
- token
This capability allows administrators to control which flows are allowed for clients created through the OAuth 2.0 Dynamic Client Registration protocol.
For more information about flows and response types, see the OpenID Connect specification (openid.net/specs/openid-connect-core-1_0.html#Authentication).
Like other Client Registration Policy plugins, an instance of the Response Type Constraints policy plugin is not enforced (or executed as part of the dynamic client registration process) until it is selected on the Client Registration Policies screen. If it is selected on the screen, PingFederate discards all restricted response types when processing client registrations. If no response type is allowed, PingFederate rejects the registration and returns an error message to the originator.
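The discard-then-reject behavior described above can be modeled as follows. This is an added example, not PingFederate code: the function and exception names are hypothetical, the order-insensitive comparison of multi-value response types is an assumption, and the exception stands in for the error message returned to the originator.

```python
class RegistrationRejected(Exception):
    """Stands in for the error returned when no response type is allowed."""


def normalize(response_type: str) -> str:
    # Assumption: "id_token code" and "code id_token" name the same response
    # type, so values are compared without regard to word order.
    return " ".join(sorted(response_type.split()))


def apply_constraints(requested, allowed):
    """Return (kept, discarded) response types, or reject the registration."""
    allowed_norm = {normalize(a) for a in allowed}
    kept, discarded = [], []
    for rt in requested:
        (kept if normalize(rt) in allowed_norm else discarded).append(rt)
    if not kept:
        # Every requested value was restricted: the registration fails.
        raise RegistrationRejected(
            f"no allowed response type in request: {discarded}"
        )
    return kept, discarded


# Constructed sample: a policy instance that allows only "code" and
# "code id_token", so no access token is issued from the authorization endpoint.
POLICY_ALLOWED = ["code", "code id_token"]

# Constructed registration requests (response_types values only).
SAMPLE_REQUESTS = {
    "mixed": ["code", "token", "id_token code"],
    "implicit_only": ["token", "id_token token"],
}


def demo():
    outcomes = {}
    for name, requested in SAMPLE_REQUESTS.items():
        try:
            outcomes[name] = apply_constraints(requested, POLICY_ALLOWED)
        except RegistrationRejected as exc:
            outcomes[name] = f"rejected: {exc}"
    return outcomes


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The "mixed" case shows why a client should compare the response types it was granted with those it requested: the registration succeeds, but with a narrower set.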