RFC Errata



RFC 8414, "OAuth 2.0 Authorization Server Metadata", June 2018

Source of RFC: oauth (sec)

Errata ID: 7793
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Kristina Yasuda
Date Reported: 2024-01-31

Section 2 says:

response_types_supported
      REQUIRED.  JSON array containing a list of the OAuth 2.0
      "response_type" values that this authorization server supports.
      The array values used are the same as those used with the
      "response_types" parameter defined by "OAuth 2.0 Dynamic Client
      Registration Protocol" [RFC7591].

It should say:

response_types_supported
      JSON array containing a list of the OAuth 2.0
      "response_type" values that this authorization server supports.
      This is REQUIRED unless no grant types are supported
      that use the authorization endpoint. The array values used are
      the same as those used with the "response_types" parameter defined by
      "OAuth 2.0 Dynamic Client Registration Protocol" [RFC7591].

Notes:

For the authorization servers that only support grant types that do not use the authorization endpoint (like client credentials grant), there is no value to put in the required `response_types_supported` parameter. At the same time, section 3.2 says that "Claims with zero elements MUST be omitted from the response." The `authorization_endpoint` parameter is already required for the ASs that support grant types that use the authorization endpoint, so it should be the same for the `response_types_supported` parameter.
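The conflict described in the notes, as an added example that is not part of the erratum report or of RFC 8414: a metadata check that applies the `response_types_supported` rule either as published or as proposed in this erratum (status: Reported). The function name, the sample documents and the choice of `authorization_code` and `implicit` as the grant types that use the authorization endpoint are assumptions of the example.

```python
# Added example: validate "response_types_supported" in an RFC 8414
# metadata document under the published rule and the proposed rule.

# Assumption: grant types treated as using the authorization endpoint.
AUTHZ_ENDPOINT_GRANTS = ("authorization_code", "implicit")
# RFC 8414 default for "grant_types_supported" when the member is omitted.
DEFAULT_GRANTS = ["authorization_code", "implicit"]


def check_response_types(metadata, proposed=False):
    """Return a list of problems found with "response_types_supported"."""
    grants = metadata.get("grant_types_supported", DEFAULT_GRANTS)
    if not isinstance(grants, list):
        grants = []
    uses_authz = any(g in AUTHZ_ENDPOINT_GRANTS for g in grants)
    # Published text: always REQUIRED. Proposed text: REQUIRED only when a
    # supported grant type uses the authorization endpoint.
    required = uses_authz if proposed else True

    if "response_types_supported" not in metadata:
        if required:
            return ["response_types_supported is REQUIRED but missing"]
        return []

    value = metadata["response_types_supported"]
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        return ["response_types_supported must be a JSON array of strings"]
    if not value:
        # The rule the notes quote from section 3.2.
        return ["claims with zero elements MUST be omitted"]
    return []


# Constructed sample documents; as.example is a placeholder issuer.
CLIENT_CREDENTIALS_ONLY = {
    "issuer": "https://as.example",
    "token_endpoint": "https://as.example/token",
    "grant_types_supported": ["client_credentials"],
}
CODE_FLOW = {
    "issuer": "https://as.example",
    "authorization_endpoint": "https://as.example/authorize",
    "token_endpoint": "https://as.example/token",
    "grant_types_supported": ["authorization_code"],
}

if __name__ == "__main__":
    for name, doc in (("client-credentials", CLIENT_CREDENTIALS_ONLY), ("code-flow", CODE_FLOW)):
        for proposed in (False, True):
            print(name, "proposed" if proposed else "published", check_response_types(doc, proposed))
```

Under the published rule the client-credentials-only document fails whether the member is omitted or sent as an empty array; under the proposed rule omitting it is accepted, while the code-flow document must still include it.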
