...
Warning: It is not recommended to use the code token and code id_token token response types, as they do not adhere to best practices and may introduce security risks.
To configure WSO2 Identity Server to support the OpenID Connect hybrid flow for authentication, you need to edit the <IS_HOME>/repository/conf/identity/identity.xml file and add the following entries under <!-- Supported Response Types -->:
...
Tip: Here, the id_token is required to have a c_hash value. c_hash is the base64url encoding of the left-most half of a hash of the octets in the ASCII representation of a code value, where the hash algorithm used is the hash algorithm of the The c_hash value is mandatory when an You can send the code to the token endpoint to request an access token, refresh token and id_token. For this you can use the same curl command provided for the code token specified above.
Following is the response that you will receive from the token endpoint:
...
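The c_hash check described in the tip above, written out as an added example (this is not code from WSO2 Identity Server or from the original page). It assumes the hash algorithm is selected from the alg value in the id_token header, as the OpenID Connect Core specification defines, and that the id_token signature has already been verified; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json

# JWS alg suffix -> hash function (for example RS256 -> SHA-256).
_HASH_BY_SUFFIX = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def compute_c_hash(code: str, alg: str) -> str:
    """Unpadded base64url of the left-most half of hash(ASCII(code))."""
    hash_fn = _HASH_BY_SUFFIX.get(alg[-3:])
    if hash_fn is None or alg[:2] not in ("RS", "ES", "PS", "HS"):
        raise ValueError(f"unsupported or unsigned alg: {alg!r}")
    digest = hash_fn(code.encode("ascii")).digest()
    left_half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(left_half).rstrip(b"=").decode("ascii")


def c_hash_matches(id_token: str, code: str) -> bool:
    """Compare the c_hash claim with the code returned alongside the id_token.

    Signature verification is a separate step and must already have succeeded.
    """
    header_b64, payload_b64, _signature = id_token.split(".")
    alg = json.loads(_b64url_decode(header_b64)).get("alg", "")
    claimed = json.loads(_b64url_decode(payload_b64)).get("c_hash")
    if not isinstance(claimed, str):
        return False  # c_hash absent or malformed: reject in the hybrid flow
    expected = compute_c_hash(code, alg)
    return hmac.compare_digest(claimed.encode("utf-8"), expected.encode("ascii"))


if __name__ == "__main__":
    # Constructed sample values, not taken from a real server response.
    code = "constructed-authorization-code"
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    token = ".".join([enc({"alg": "RS256"}), enc({"c_hash": compute_c_hash(code, "RS256")}), "sig"])
    print(c_hash_matches(token, code), c_hash_matches(token, "swapped-code"))
```

A mismatch means the code and the id_token were not issued together, so the code should not be sent to the token endpoint.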
You can send the code to the token endpoint to request an access token, refresh token and id_token. You can use the same curl command provided for the code token specified above.
Following is the response that you will receive from the token endpoint:
...
In case there are two id_tokens issued, where one id_token is from the authorization endpoint and the other is from the token endpoint, be sure to perform the validations mentioned above, which are based on the OpenID Connect specification: