OAuthError: The response type is not supported by the authorization server. Configured response types: [id_token, token]

So I followed the getting started tutorials found on the Developer Dashboard, specifically the one for React:

https://developer.okta.com/quickstart/#/react/nodejs/express

Upon clicking the login button, it navigates to the URL http://localhost:3000/implicit/callback, but the following error is displayed on this page:

OAuthError: The response type is not supported by the authorization server. Configured response types: [id_token, token].

I believe I followed the tutorial exactly as written.

What is the meaning of the error message? Is the tutorial up to date?

More Info on my config (altered to hide specifics)

const config = {
  issuer: 'https://dev-123456.okta.com/oauth2/default',
  redirectUri: window.location.origin + '/implicit/callback',
  clientId: 'SOME-ALPHANUM-HERE',
  pkce: true, // request the Authorization Code flow with PKCE
};

The error you are seeing indicates to me that the OIDC application within Okta that you created (where you got your clientId from) does not have the necessary Grant Type configured, resulting in this error. Based on the error message, it sounds like you only have the Implicit grant type (both ID Token and Access Token) enabled for this client.

However, the guide you were following indicates that you need to have Authorization Code flow enabled. We can confirm this is the correct grant type, as the config you included has “pkce: true,” which is referring to the Authorization Code flow w/ PKCE.

Can you check your application configuration in Okta and ensure that you enable the Authorization Code flow as an “Allowed grant type?”

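The mismatch described in the answer above can be checked mechanically. This is an added example, not code from the thread or from Okta's SDK: the function names, the `FLOWS` table and the sample callback URL (with a constructed `state` value) are assumptions for illustration.

```javascript
// Response type each flow requests, and the grant type the application
// must allow for that request to succeed (assumed mapping for this sketch).
const FLOWS = {
  pkce:     { responseTypes: ['code'],              grant: 'Authorization Code' },
  implicit: { responseTypes: ['id_token', 'token'], grant: 'Implicit' },
};

// Constructed sample, modelled on the error redirect quoted in this thread.
const SAMPLE_CALLBACK =
  'http://localhost:3000/implicit/callback?state=CONSTRUCTED_STATE' +
  '&error=unsupported_response_type&error_description=The+response+type+is+not' +
  '+supported+by+the+authorization+server.+Configured+response+types%3A+[id_token%2C+token].';

// Extract the OAuth error the authorization server appended to the redirect URI.
function parseCallbackError(callbackUrl) {
  const url = new URL(callbackUrl);
  // Errors can arrive in the query string or in the fragment.
  const params = url.searchParams.has('error')
    ? url.searchParams
    : new URLSearchParams(url.hash.replace(/^#/, ''));
  if (!params.has('error')) return null;
  const description = params.get('error_description') || '';
  const m = description.match(/Configured response types:\s*\[([^\]]*)\]/);
  const configured = m ? m[1].split(',').map((s) => s.trim()).filter(Boolean) : [];
  return { error: params.get('error'), description, configured };
}

// Compare what the client config requests with what the server reports as allowed.
function diagnose(config, callbackUrl) {
  const err = parseCallbackError(callbackUrl);
  if (!err || err.error !== 'unsupported_response_type') return null;
  const flow = config.pkce ? FLOWS.pkce : FLOWS.implicit;
  const missing = flow.responseTypes.filter((t) => !err.configured.includes(t));
  return {
    requested: flow.responseTypes,
    configured: err.configured,
    missing,
    fix: missing.length ? `Enable the "${flow.grant}" grant type on the application` : null,
  };
}

console.log(diagnose({ pkce: true }, SAMPLE_CALLBACK));
```

With `pkce: true` the report lists `code` as missing from the configured response types, which is the condition the answer diagnoses.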

Thank you for your reply. Your diagnosis was 100% correct: after I enabled Authorization Code on the Okta dashboard, it authenticates OK. Upon clicking the Login button, it redirects to my Okta login page, and upon a correct combo of username / pwd, I am back at the React app, with a Logout button.

However, “the guide I was following” as per your reply, is not the actual guide I was following.

See my screenshot. I obtained the guide from the “Dashboard”, and jumped straight to the React guide.
Nowhere did it mention I needed to enable Authorization Code.

Yours,
Totally frustrated, a beginner to the platform needs to have a better on-boarding experience.

Update: I stand corrected, it does indeed show “Allowed grant types Authorization Code” in the Setting + Value table.
My problem was that I created the SPA App at a different time, and when following the guide, I ignored that part, as I had already created it earlier.

Yup, that was the section of the guide I was trying to directly link to, but it looks like it didn’t work as I expected. Sorry about that!

I hope that, with you resolving your error, others who run into it will be able to handle their own response type errors with a little less frustration.

Yes. Enable Authorization Code.


I am getting the same error but I do have the Authorization Code box checked.
I could use some guidance on getting this to work. This is my first attempt at using OKTA so I could be doing something else wrong, but I have followed the tutorials. Thank you. This is the error I am getting:
http://localhost:3000/implicit/callback?state=f9HXGzZeGz6t1ShGVK1thZ9taBQbJBQMbtJM2ROi0MK1q8IAtz8dRLBTo3XW2Swh&error=unsupported_response_type&error_description=The+response+type+is+not+supported+by+the+authorization+server.+Configured+response+types%3A+[id_token%2C+token].

Hi @kstomp

Can you please check that you have added a SPA application and have authorization code enabled?