Configure response type for ASP.Net WebForms

I am getting an unsupported response type error of

‘unsupported_response_type’. Error_Description (may be empty): ‘The response type is not supported by the authorization server. Configured response types: [token, code].’

I set my Response type to CodeIDToken as seen below and this is the recommended response type so that it hits the AuthorizationCodeReceived function in the call back as described in this article about using okta with webforms https://developer.okta.com/blog/2018/08/29/secure-webforms-with-openidconnect-okta

.ResponseType = OpenIdConnectResponseType.CodeIdToken

Now if I set the response type to CodeToken it will hit a MessageReceived event on the call back and contain a jwt token but it does not have the ability to attach to the client session and mark it as authenticated to continue.

So my question is what method of authentication Should I use to be able have it configured to CodeIdToken so that it AuthorizationCodeReceived callback event fires correctly?

Hi @swestfall

Can you please check that you have Implicit flow with ID token enabled in Okta under Admin >> Application >> OIDC application >> General >> Allowed grant types >> Implicit >> Allow ID Token with implicit grant type?

I will have the admin check this, I don’t have access to the configuration.

Hi @swestfall

To assist in reviewing the configuration, this is the option that needs to be enabled inside the OIDC app.

New error message about Nonce now:

IDX21323: RequireNonce is ‘[PII is hidden]’. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null.

The nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’. Note if a ‘nonce’ is found it will be evaluated.

Hi @swestfall

Can you please send an email to developers@okta.com with this error and use-case in order to have one of our developer support engineers review the logs and assist you further?

This is resolved and working now. Thank you for your assistance.