Which statement about the response_type parameter in OAuth is true?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which statement about the response_type parameter in OAuth is true?

Explanation:
The response_type parameter in OAuth tells the authorization server what kind of credential the client wants to receive in the authorization response. It essentially selects the form of the token or code that will be issued. For example, asking for a code means the server will return an authorization code that the client can exchange later for an access token. Asking for a token returns an access token directly, typically used in the implicit flow. In OpenID Connect, you can request an id_token, or combine values like code and token, to get both a code and a token.

This is why describing response_type as a way to request a specific type of credential (such as code or token) is accurate. It’s not about identifying the client (that’s client_id), nor about the redirect URI. And while some flows rely on this parameter, others may not use it depending on the grant type.

