When making an /authorize request to log users into an OpenID Connect (OIDC) application, the following error message occurs:
{"error":"unsupported_response_type","error_description":"The response type is not supported by the authorization server. Configured response types: ....
This article clarifies why this error occurs and how to configure the application to support the requested response types.
- OpenID Connect/OAuth application
- Org Authorization Server
- Custom Authorization Server
The OpenID Connect application created within Okta does not have the necessary Grant Type configured for the requested response type.
When making the /authorize request, include a response_type parameter to indicate which OIDC flow is being used. For each response_type requested (admins are able to request multiple response_types in the same request), ensure both the OIDC application and the authorization server are configured to support the corresponding Grant Types.
Application configuration
- Go to Applications > Applications.
- Select the OIDC application.
- Go to General > General Settings.
- Enable the Grant Type associated with the required response_type:
  - response_type=code: Authorization Code.
  - response_type=id_token: Implicit (hybrid) > Allow ID Token with implicit grant type.
  - response_type=token: Implicit (hybrid) > Allow Access Token with implicit grant type.
- NOTE: When requesting multiple response types, enable each associated Grant Type.
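The following is an added pre-flight check, not code from this article or from Okta: it pulls the response_type values out of an /authorize URL, maps each one to the Grant Type from the steps above, reports which Grant Types are still missing on the application, and compares the requested combination against the response_types_supported field of the authorization server's /.well-known/openid-configuration document (a standard OIDC Discovery field). The authorize URL and the discovery document below are constructed sample values, and the client_id is a placeholder.

```python
from urllib.parse import urlparse, parse_qs

# Grant Type that must be enabled on the Okta application for each
# response_type value (labels as they appear in the steps above).
REQUIRED_GRANT = {
    "code": "Authorization Code",
    "id_token": "Implicit (hybrid) > Allow ID Token with implicit grant type",
    "token": "Implicit (hybrid) > Allow Access Token with implicit grant type",
}

# Constructed sample /authorize request (domain and client_id are placeholders).
EXAMPLE_URL = (
    "https://example.okta.com/oauth2/default/v1/authorize"
    "?client_id=CLIENT_ID_PLACEHOLDER&response_type=code+id_token"
    "&scope=openid&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback"
    "&state=abc123&nonce=xyz789"
)

# Constructed excerpt of a discovery document; only the field used here.
DISCOVERY_EXAMPLE = {
    "issuer": "https://example.okta.com/oauth2/default",
    "response_types_supported": ["code", "id_token", "code id_token"],
}


def requested_response_types(authorize_url):
    """Return the response_type values in an /authorize URL.

    response_type is one space-separated parameter (e.g. 'code id_token'),
    so '+' / '%20' in the query string become separators after decoding.
    """
    query = parse_qs(urlparse(authorize_url).query)
    types = []
    for value in query.get("response_type", []):
        types.extend(value.split())
    return types


def missing_grant_types(authorize_url, enabled_grants):
    """Return the Grant Types the request needs that are not yet enabled.

    enabled_grants is the set of Grant Type labels currently switched on
    for the application. Unknown response_type values are reported too.
    """
    missing = []
    for rt in requested_response_types(authorize_url):
        needed = REQUIRED_GRANT.get(rt)
        if needed is None:
            missing.append(f"unknown response_type '{rt}'")
        elif needed not in enabled_grants:
            missing.append(needed)
    return missing


def supported_by_server(authorize_url, discovery_doc):
    """True if the requested response_type combination appears in the
    server's response_types_supported list (order-insensitive compare)."""
    requested = frozenset(requested_response_types(authorize_url))
    supported = {
        frozenset(entry.split())
        for entry in discovery_doc.get("response_types_supported", [])
    }
    return requested in supported


if __name__ == "__main__":
    enabled = {"Authorization Code"}  # constructed: only the code grant is on
    print("requested:", requested_response_types(EXAMPLE_URL))
    print("missing grant types:", missing_grant_types(EXAMPLE_URL, enabled))
    print("server supports combination:",
          supported_by_server(EXAMPLE_URL, DISCOVERY_EXAMPLE))
```

Run it against a failing request before touching the admin console: the missing_grant_types output names exactly the toggles from the list above, and a False from supported_by_server points at the authorization server (or its access policy) rather than the application.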
Custom Authorization Server configuration
The following steps apply only when using a Custom Authorization Server. Skip these steps if using the Org Authorization Server.
- Go to Security > API.
- Select Authorization Servers.
- Select the specific Authorization Server.
- Select Access Policies.
- Select the relevant Access Policy and Access Rule.
- Ensure the required Grant Types are enabled within the rule.
