Open lhoekenga opened 6 years ago
The spec suggests that id_token should be valid for the Implicit flow: http://openid.net/specs/openid-connect-core-1_0.html#Authentication
Authentication can follow one of three paths: the Authorization Code Flow (response_type=code), the Implicit Flow (response_type=id_token token or response_type=id_token), or the Hybrid Flow (using other Response Type values defined in OAuth 2.0 Multiple Response Type Encoding Practices [OAuth.Responses]). The flows determine how the ID Token and Access Token are returned to the Client.
If I remember correctly, to bypass this limitation you may want to try with id_token token
. That might do it.
The readme makes me think that id_token is supported, but we're seeing this in our logs: