ResponseType

What kind of thing we would like to get via a redirect URL when the authorization is successful, i.e. possible values of authorization endpoint’s “response_type” parameter.

Note that we only support the values listed here as other flows are either not used in a mobile app (“password” or “client_credentials”) or are unknown (extensions).

code

“Authorization Code” flow, see https://tools.ietf.org/html/rfc6749#section-4.1

This means that we want to receive “authorization code”, which has to be exchanged to an access token via the token endpoint.

Note that this flow “is not optimized” for native apps that are “public clients” in OAuth terms. Still let’s support this as it might be the only option for the target server.
token

“Implicit” flow, see https://tools.ietf.org/html/rfc6749#section-4.2.

The access token is returned right away via the redirect URL. Note that refresh token is never returned in this flow.
idToken

OpenID extension. This is similar to .token but an ID Token is returned as well. See https://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthRequest.