MaikuB / flutter_appauth

A Flutter wrapper for AppAuth iOS and Android SDKs

Question: Support for 'code id_token' as response_type in AuthorizationTokenRequest #418

Open CuriousDev21 opened 1 year ago

CuriousDev21 commented 1 year ago

Hello,

I have been using the Flutter AppAuth library for implementing OAuth2/OpenID Connect authentication in my app, and I encountered an issue when trying to use the 'code id_token' response_type.

Currently, it seems that the library defaults to the 'code' response_type. The native libraries seem to support using "code id_token" as response_type for the authorization request. However, in my use case, I need the response_type to be 'code id_token'. When I tried to modify the URL manually and used 'code id_token' in the browser, the authentication flow worked correctly. But with the current implementation of the library, I couldn't find a way to set the response_type as 'code id_token'. Is there a way to get the url generated by the library maybe?

Could you please guide me on how to set the response_type to 'code id_token' using the AuthorizationTokenRequest class in the library? If it's not currently supported, I kindly request you to consider adding this feature, as it would be helpful for developers who need to use different response types in their OAuth2/OpenID Connect implementations.

Here's a snippet of my current implementation:

```dart
final authorizationTokenRequest = AuthorizationTokenRequest(
  Configuration.auth0ClientId,
  Configuration.authRedirectUri,
  issuer: Configuration.authIssuer,
  clientSecret: Configuration.authClientSecret,
  scopes: scopes2,
  nonce: nonce,
  promptValues: ['login'],
  // ideally responseType: 'code id_token',
);
final AuthorizationTokenResponse? result =
    await appAuth.authorizeAndExchangeCode(authorizationTokenRequest);
```

I tried setting the responseMode variable to 'code id_token' but it seems to be irrelevant.

Thank you for your time and your work on this library. Looking forward to hearing your suggestions.

Best regards,

MaikuB commented 1 year ago

> Could you please guide me on how to set the response_type to 'code id_token' using the AuthorizationTokenRequest class in the library? If it's not currently supported, I kindly request you to consider adding this feature, as it would be helpful for developers who need to use different response types in their OAuth2/OpenID Connect implementations.

This plugin is a wrapper for native SDKs that are maintained by others. Consequently, the functionality available depends on what those SDKs support. This should mean that your issue is occurring because those SDKs don't support it, and you can look further to confirm. Given they are open source (and so is this plugin), you can contribute to them if there are features lacking as well.

MaikuB commented 1 year ago

Had someone I personally know ask about this before, so the other thing I should mention is that if there's something that can be changed on this plugin's side to support this, then please look at submitting a PR.
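For readers weighing the 'code id_token' response type asked about in this thread: with that response type the ID token arrives from the authorization endpoint alongside the code, and OpenID Connect requires the client to check its `nonce` and `c_hash` before redeeming the code. The sketch below is an added example, not code from flutter_appauth or the AppAuth SDKs; the function names are hypothetical, and it assumes `package:crypto` as a dependency, a SHA-256 based signing algorithm, and an ID token whose signature has already been verified.

```dart
// Added example, not flutter_appauth code. Needs package:crypto in pubspec.
import 'dart:convert';
import 'package:crypto/crypto.dart';

/// Decodes the claims segment of a compact JWT. The signature is assumed to
/// have been verified against the issuer's keys before this is called.
Map<String, dynamic> decodeClaims(String idToken) {
  final parts = idToken.split('.');
  if (parts.length != 3) {
    throw const FormatException('ID token is not a three-part compact JWT');
  }
  final payload = base64Url.decode(base64Url.normalize(parts[1]));
  return jsonDecode(utf8.decode(payload)) as Map<String, dynamic>;
}

/// c_hash for a SHA-256 based alg (RS256, ES256, HS256): base64url without
/// padding of the left-most half of SHA-256 over the ASCII code value.
String computeCHash(String code) {
  final digest = sha256.convert(ascii.encode(code)).bytes;
  final leftHalf = digest.sublist(0, digest.length ~/ 2);
  return base64Url.encode(leftHalf).replaceAll('=', '');
}

/// Returns null when the ID token is bound to this request (nonce) and to
/// this authorization code (c_hash); otherwise the reason to reject it.
String? checkHybridResponse(String idToken, String code, String sentNonce) {
  final claims = decodeClaims(idToken);
  final nonce = claims['nonce'];
  final cHash = claims['c_hash'];
  if (nonce is! String || nonce != sentNonce) return 'nonce mismatch';
  if (cHash is! String) return 'c_hash missing';
  if (cHash != computeCHash(code)) return 'c_hash mismatch';
  return null;
}

void main() {
  // Constructed sample values; the header and signature are placeholders.
  const code = 'constructed-authorization-code';
  const nonce = 'constructed-nonce';
  final claims = {'nonce': nonce, 'c_hash': computeCHash(code)};
  final body = base64Url.encode(utf8.encode(jsonEncode(claims)));
  final unpadded = body.replaceAll('=', '');
  final idToken = 'e30.$unpadded.placeholder-signature';

  print(checkHybridResponse(idToken, code, nonce));
  print(checkHybridResponse(idToken, 'some-other-code', nonce));
  print(checkHybridResponse(idToken, code, 'some-other-nonce'));
}
```

A non-null result means the code should not be exchanged, since the ID token was not issued for this request or this code.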