I am trying to connect via OpenID Connect to another system (Ping).
On their end they do not want to support the implicit flow.
In order to turn that off I have only selected “Authorisation Code” in my application.
Now if I test my OIDC connection I get this test URL (I replaced some parts):
https://pronto-rtm-base.eu.auth0.com/authorize?client_id=xxx&**response_type=code**&connection=Test&prompt=login&scope=openid%20profile&redirect_uri=https://manage.auth0.com/tester/callback?connection=Test
However after the redirect it looks like this:
https://client?client_id=xxx&scope=openid%20profile%20email&**response_type=id_token**&redirect_uri=callback&prompt=login&response_mode=form_post&nonce=...&state=…
Note that the response_type changed from code to id_token. This triggers the implicit flow on their end resulting in this error: “unauthorized_client (implicit grant not allowed for this client)”
Did I miss some config option? Can someone explain why this is happening?
Thanks
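
To see exactly which parameters differ between the two requests quoted above, this added example (not part of the original post) parses both URLs and maps each `response_type` to its flow as defined in OpenID Connect Core 1.0, section 3. The function names are hypothetical, and the URLs are the post's redacted ones with the bold markers removed.

```python
from urllib.parse import urlsplit, parse_qs

# response_type -> flow, per OpenID Connect Core 1.0, section 3
FLOWS = {
    frozenset({"code"}): "authorization_code",
    frozenset({"id_token"}): "implicit",
    frozenset({"id_token", "token"}): "implicit",
    frozenset({"code", "id_token"}): "hybrid",
    frozenset({"code", "token"}): "hybrid",
    frozenset({"code", "id_token", "token"}): "hybrid",
}

# The two requests from the post, redacted as posted (xxx and ... are the
# poster's own placeholders), with the ** emphasis markers removed.
SENT = ("https://pronto-rtm-base.eu.auth0.com/authorize?client_id=xxx"
        "&response_type=code&connection=Test&prompt=login&scope=openid%20profile"
        "&redirect_uri=https://manage.auth0.com/tester/callback?connection=Test")
FORWARDED = ("https://client?client_id=xxx&scope=openid%20profile%20email"
             "&response_type=id_token&redirect_uri=callback&prompt=login"
             "&response_mode=form_post&nonce=...&state=...")


def auth_params(url):
    """Flatten the query string of an authorization request into a dict."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def flow(url):
    """Name the flow that the request's response_type selects."""
    response_type = auth_params(url).get("response_type", "")
    # response_type is a space-delimited set, so order does not matter
    return FLOWS.get(frozenset(response_type.split()), "unknown")


def changed(sent, forwarded):
    """Return {param: (sent_value, forwarded_value)} for every difference."""
    a, b = auth_params(sent), auth_params(forwarded)
    return {k: (a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}


if __name__ == "__main__":
    print("sent:     ", flow(SENT))
    print("forwarded:", flow(FORWARDED))
    for name, (before, after) in changed(SENT, FORWARDED).items():
        print(f"  {name}: {before!r} -> {after!r}")
```
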