Hello, i try to have fun working thru your book __Schwartz/Machulak: Securing the Perimeter, Apress 2018__. Up to now i am in Chapter 5 OpenID Connect on page 189 **Client Registration** This is how i did setup the client: OPENID CONNECT CLIENTS DETAILS ------------------------------ - **Name:** mod_auth_openidc - **Client ID:** 0cc96639-c9d8-4bc9-b30c-7ca58d6788c9 - **Subject Type:** public - **ClientSecret:** XXXXXXXXXXX - **Application Type:** web - **Persist Client Authorizations:** true - **Pre-Authorization:** true - **Authentication method for the Token Endpoint:** client_secret_basic - **Logout Session Required:** false - **Include Claims In Id Token:** false - **Disabled:** false - **Login Redirect URIs:** [https://squid.fritz.box/login-callback.html] - **Scopes:** [profile, openid, email] - **Response types:** [code] **Configuring the Apache VirtualHost**, the VirtualHost section has [that](https://pastebin.com/B4aUDv17 "that") content. When i call the printHeaders-Example, it does not redirect to a authentication page. Instead it shows the page ``` https://gluub18.fritz.box/oxauth/restv1/authorize?response_type=code&scope=openid profile email&client_id=0cc96639-c9d8-4bc9-b30c-7ca58d6788c9&state=[-snip-] ``` with the error > unsupported_response_type The complete text is [here](https://pastebin.com/z1LFT7Pn "here") Hey, i did set the Response_Type **code** at both sides: at the clients response types and at the apache-variable OIDCResponseType The clients apache2 error.log stays empty. oxauth.log gives a HTTP 400 Bad Request - see [http400](https://pastebin.com/GjEwmqSD "http400") Is there any typo in the configs which leads to this error message? I think i implemented the books description correctly. Any hint is very much appreciated, Johann