The Response Type Constraints policy plugin allows administrators to control which flows are allowed for clients created through the OAuth 2.0 Dynamic Client Registration protocol.
Configure an instance of the Response Type Constraints policy to limit which of the following response_types parameter values are allowed:
- code
- code id_token
- code id_token token
- code token
- id_token
- id_token token
- token
For more information about flows and response types, see the OpenID Connect specification.
Like other Client Registration Policy plugins, an instance of the Response Type Constraints policy plugin is not enforced, or executed as part of the dynamic client registration process, until it is selected in . If it is selected in the Client Registration Policies window, PingFederate discards all restricted response types when processing client registrations. If no response type is allowed, PingFederate rejects the registration and returns an error message to the originator.
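The following Python sketch models the filtering behavior described above. It is an added example, not PingFederate code: the function names, the exception, and the sample request are hypothetical, and it assumes RFC 7591 metadata field names, the RFC 7591 default of code when response_types is omitted, and order-insensitive matching of response type values as defined in RFC 6749.

```python
# Model of the Response Type Constraints behavior; not PingFederate code.
SUPPORTED = {  # the seven values this page lists
    "code", "code id_token", "code id_token token", "code token",
    "id_token", "id_token token", "token",
}

class RegistrationRejected(Exception):
    """Hypothetical error: no requested response type survived the policy."""

def normalize(response_type):
    # RFC 6749 section 3.1.1: "a b" and "b a" are the same response type.
    return " ".join(sorted(response_type.split()))

def apply_response_type_policy(metadata, allowed):
    """Return (filtered registration metadata, discarded response types)."""
    allowed_norm = {normalize(rt) for rt in allowed}
    unknown = allowed_norm - SUPPORTED
    if unknown:
        raise ValueError(f"unsupported values in policy: {sorted(unknown)}")
    # Assumption: an omitted response_types means ["code"] (RFC 7591 default).
    requested = metadata.get("response_types", ["code"])
    kept, discarded = [], []
    for rt in requested:
        (kept if normalize(rt) in allowed_norm else discarded).append(rt)
    if not kept:
        # The page states the registration is rejected with an error message.
        raise RegistrationRejected("no allowed response type in request")
    filtered = dict(metadata, response_types=[normalize(rt) for rt in kept])
    return filtered, discarded

# Constructed sample registration request (not taken from a real client).
SAMPLE_REQUEST = {
    "client_name": "example-app",
    "redirect_uris": ["https://app.example.com/cb"],
    "response_types": ["code", "token", "id_token code"],
}

if __name__ == "__main__":
    policy = {"code", "code id_token"}  # example policy: no front-channel tokens
    filtered, discarded = apply_response_type_policy(SAMPLE_REQUEST, policy)
    print("registered with:", filtered["response_types"])
    print("discarded:", discarded)
```

Running the same function over existing registration requests with a candidate policy shows which clients would lose response types, and which would be rejected outright, before the policy is selected.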