idTokenType
OIDC SIOPv2: OPTIONAL. Space-separated string that specifies the types of ID Token the RP wants to obtain, with the values appearing in order of preference. The allowed individual values are subject_signed_id_token
and attester_signed_id_token
. The default value is attester_signed_id_token
. The RP determines the type if ID Token returned based on the comparison of the iss
and sub
claims values. In order to preserve compatibility with existing OpenID Connect deployments, the OP MAY return an ID Token that does not fulfill the requirements as expressed in this parameter. So the RP SHOULD be prepared to reliably handle such an outcome.
See IdTokenType for valid values.