You get an unsupported response type error

In the OAuth world, the response_type parameter (used in an authorization request) lets the server know what you’d like to get back if your request is approved (for example, you’d like to get back an authorization code or you’d like to get back an access token). OAuth supports a number of different response types, including:

  • code
  • code id_token
  • code id_token token
  • code token
  • id_token
  • id_token token
  • none
  • token

So what does it mean if you get an error message like this:


There’s actually an easy answer to this question. In your authorization request, you must include the response_type parameter:

Equally important, the response_type parameter must be set one of the valid response types supported by Hosted Login. You can verify that by doing what the error message suggests and checking your discovery document:

"response_types_supported": [
    "code id_token",
    "code token",
    "id_token token",
    "code id_token token"

That also means there’s an easy fix here: just set the response_type parameter to a valid value. For example:


That’s all you have to do .