I’m about to set up an OIDC authentication for my app. Therefore I tried it with the serverside flow (also known as “Authorization Code Flow”), but unfortunately I get only the OAuth2 access_token and refresh_token, opposed to the desired id_token. I followed also the documentation:
Hello has this been resolved? I’m running into the same issue. The request documented here seems to be the same for the OIDC and the OAuth2 flow. I am not receiving the id_token (or even the expires_in), just the access_token, refresh_token, and scopes.
I have been able to work around the issue by using a response_type of “id_token code”, which interestingly enough gives a different result if I use a response_type of “code id_token”. The former uses the authorization code response, and the latter uses the implicit flow response. This seems to be a bug that should be looked at soon. Otherwise the whole system seems to be broken.