By: Gian Paolo Antonio Tobias user 28 Feb 2018 at 2:54 a.m. CST

16 Responses
Using demosite found here: https://github.com/GluuFederation/oxd-node/tree/master/oxd-node-demo

Everything's working fine except for when I try to authenticate, the script can't seem to recognize the tokens.

Steps:

1. Launch via `node index.js` then go to https://<domain>:5053 (this redirects to /login)
2. After configuring client at /Settings, I go back to /login and hit the login button.
3. Gets redirected to my gluu server for login and authentication
4. I see the tokens on the url but page returns: redirected you too many times. Try clearing your cookies. ERR_TOO_MANY_REDIRECTS

I believe that this happens because my redirect uri is https://<domain>:5053/authorization and somehow the demosite's routes/index.js authorization function isn't working as intended. Any workaround?

By Thomas Gasmyr Mougang staff 05 Mar 2018 at 9:20 a.m. CST

Hi **Paolo**, I have been working to reproduce your issue. In the end, I was not able to reproduce it. The login process is working well, as you can see in [this](https://pasteboard.co/Havx8ie.png) image. We can get more insight if you provide the error message (you can get that from the terminal session where you ran the `node index.js` command).

Suggestion: After filling in the form at the /settings endpoint in the node app, log into the Gluu server and release the following scopes: `email`, `profile`. Clear your browser history and try the login process again.

Hope that helps; if not, feel free to request more assistance. Thanks!

By Gian Paolo Antonio Tobias user 06 Mar 2018 at 12:45 a.m. CST

Hello Thomas, Thanks for the response. I checked and indeed the email and profile weren't being registered to the client. I manually edited the scope but the app is still redirecting endlessly. Here is the screenshot of the terminal [error](https://pasteboard.co/HaBzeCC.png).

Also, my config is that I have gluu and oxd installed in separate VMs. I cloned the oxd-node-demo in the server containing oxd. Here's a screenshot of my [client config on app](https://pasteboard.co/HaBAoMX.png)

By Thomas Gasmyr Mougang staff 06 Mar 2018 at 2:04 a.m. CST

Hi Paolo, I have noticed from your screenshot that the response_type of the first request is set to `code+token+id_token`. The flow in this case is the Authorization code flow. That means one request to ask for the `code`, another one to ask for the `access_token` and `id_token`, and optionally another one to get user info. So the response type here should be just `code`. This value can be changed from the demo app inside the file named `parameters.json`.

By Gian Paolo Antonio Tobias user 06 Mar 2018 at 2:58 a.m. CST

Here's the contents of my `parameters.json` file (I haven't really touched much of the files except for configuring my oxd client):

```
{
  "scope": ["openid", "profile", "email"],
  "op_host": "",
  "authorization_redirect_uri": "",
  "post_logout_uri": "",
  "application_type": null,
  "redirect_uris": null,
  "response_types": ["code"],
  "client_id": null,
  "client_secret": null,
  "client_jwks_uri": null,
  "client_token_endpoint_auth_method": null,
  "client_request_uris": null,
  "client_logout_uris": [""],
  "client_sector_identifier_uri": null,
  "ui_locales": null,
  "claims_locales": null,
  "acr_values": null,
  "grant_types": ["authorization_code"],
  "oxd_id": "",
  "code": "",
  "state": "",
  "scopes": ["openid", "profile", "email", "uma_protection", "uma_authorization"],
  "access_token": "",
  "id_token_hint": null,
  "session_state": null,
  "port": "8099",
  "host": "<oxd srever host>",
  "httpBaseUrl": "",
  "contacts": [null],
  "client_frontchannel_logout_uris": ""
}
```

By Thomas Gasmyr Mougang staff 06 Mar 2018 at 3:14 a.m. CST

Paolo, can you provide a screenshot of the openid clients in Gluu server? Also check the details of the client in Gluu server to make sure the response type is set to code. See an example [here](https://pasteboard.co/HaCyTaK.png).

By Gian Paolo Antonio Tobias user 06 Mar 2018 at 3:37 a.m. CST

Do note that I'm using dynamic client registration through the /register endpoint right now. There is no field to manually select `response type` for `settings.json`. Here is my [openid client](https://pasteboard.co/HaCHZeJ.png)

I tried to manually edit my client in Gluu server to be similar to your example but upon login, I get:

```
{"error":"unsupported_response_type","error_description":"The authorization server does not support obtaining an access token using this method.","state":"b87c473q8vhrq84l2a17ebvfnc"}
```

By Thomas Gasmyr Mougang staff 06 Mar 2018 at 4:06 a.m. CST

Yes **Paolo**, as you can see on your [client config](https://pasteboard.co/HaCHZeJ.png) screenshot, the response types have three values: `code, access_token, id_token`. Mine is set to `code`. Remove `access_token` and `id_token`. Here is [my client](https://pasteboard.co/HaCTQd2.png) config. Make the changes as required on your client on the Gluu server side using the OxTrust GUI.

By Gian Paolo Antonio Tobias user 06 Mar 2018 at 4:22 a.m. CST

Yup, I've tried to do this part already. [Here is my current client config](https://pasteboard.co/HaCZecn.png)

However, upon logging in, I get this error message:

```
{"error":"unsupported_response_type","error_description":"The authorization server does not support obtaining an access token using this method.","state":"1npub461ggvdhb4tqbakf71onf"}
```

By Thomas Gasmyr Mougang staff 06 Mar 2018 at 4:30 a.m. CST

Okay. This means that the RP is still requesting access_token and id_token. Please provide the returned error from the terminal. I need that to confirm my hypothesis.

By Gian Paolo Antonio Tobias user 06 Mar 2018 at 4:33 a.m. CST

Yup, it looks like the access and id tokens are still being requested. I'm trying to check where the request could possibly come from.

```
Connected
Send data : 0683{"command":"get_authorization_url","params":{"oxd_id":"61b8010d-da41-4e8c-bed2-4b0586e377f6","op_host":"https://centos.gluu.local","client_id":"@!C730.55A7.8355.9C8C!0001!021C.2E5E!0008!FCEB.5483.FC2A.1EEF","client_secret":"1391b95c-a9b5-4d0c-b119-6dd5180e8ebc","client_registration_access_token":"cbd6d5c8-f419-4739-b609-79bf48d0389b","client_registration_client_uri":"https://centos.gluu.local/oxauth/restv1/register?client_id=@!C730.55A7.8355.9C8C!0001!021C.2E5E!0008!FCEB.5483.FC2A.1EEF","client_id_issued_at":1520328847,"client_secret_expires_at":1520415247,"client_name":"OXD Test ","message":"Successfully Registered","https_extension":false,"host":"localhost","port":"8099"}}
Response : 0367{"status":"ok","data":{"authorization_url":"https://centos.gluu.local/oxauth/restv1/authorize?response_type=code+token+id_token&client_id=@!C730.55A7.8355.9C8C!0001!021C.2E5E!0008!7C7A.C457.DE11.91AE&redirect_uri=https://centos.oxd.local:5053/authorization&scope=openid+profile+email+uma_protection&state=bjo9bs36qvc1adscevjnoafv6i&nonce=a4i0339gpof6ooigd8a0t6r9nu"}}
https://centos.gluu.local/oxauth/restv1/authorize?response_type=code+token+id_token&client_id=@!C730.55A7.8355.9C8C!0001!021C.2E5E!0008!7C7A.C457.DE11.91AE&redirect_uri=https://centos.oxd.local:5053/authorization&scope=openid+profile+email+uma_protection&state=bjo9bs36qvc1adscevjnoafv6i&nonce=a4i0339gpof6ooigd8a0t6r9nu
Connection closed
```

By Thomas Gasmyr Mougang staff 06 Mar 2018 at 4:44 a.m. CST

You can see this from the log:

```
Response : 0367{"status":"ok","data":{"authorization_url":"https://centos.gluu.local/oxauth/restv1/authorize?response_type=code+token+id_token&client_id=@!C730.55A7.8355.9C8C!0001!021C.2E5E!0008!7C7A.C457.DE11.91AE&redirect_uri=https://centos.oxd.local:5053/authorization&scope=openid+profile+email+uma_protection&state=bjo9bs36qvc1adscevjnoafv6i&nonce=a4i0339gpof6ooigd8a0t6r9nu"}}
```

The response type is still not correct. Can you please do the following:

- Provide a screenshot of openid clients from Gluu server (example [here](https://pasteboard.co/HaD9SzC.png))
- Restart your Gluu instance
- Clear the browser cookies and test again.

By Gian Paolo Antonio Tobias user 06 Mar 2018 at 5:07 a.m. CST

Hello Thomas, [Here](https://pasteboard.co/HaDi9iN.png) is my openid client list. I'm using OXD Test for this example. I have restarted my Gluu instance, cleared my cookies, and retried but I'm still getting the same error.

Additional note: Both OXD Test clients only have `code` as their `response type`.

By Thomas Gasmyr Mougang staff 06 Mar 2018 at 5:15 a.m. CST

Can you provide this file **/opt/oxd-server/conf/oxd-default-site-config.json**?

By Gian Paolo Antonio Tobias user 06 Mar 2018 at 5:22 a.m. CST

Here it is:

```
{
  "op_host":"https://centos.gluu.local",
  "op_discovery_path":"",
  "response_types":["token", "id_token", "code"],
  "grant_type":["authorization_code", "implicit", "client_credentials", "refresh_token"],
  "acr_values":[""],
  "scope":["openid", "profile", "email"],
  "ui_locales":["en"],
  "claims_locales":["en"],
  "contacts":["gap.tobias@gmail.com"]
}
```

I tried to edit this file and restrict `response_types` to only `code`, and retried to run my app but it still doesn't work. Same error:

```
{"error":"unsupported_response_type","error_description":"The authorization server does not support obtaining an access token using this method.","state":"1npub461ggvdhb4tqbakf71onf"}
```

By Thomas Gasmyr Mougang staff 06 Mar 2018 at 5:26 a.m. CST

Set the response type to code.

```
"response_types":["code"],
```

Then restart oxd-server, clear browser cookies and test again.

By Gian Paolo Antonio Tobias user 06 Mar 2018 at 5:46 a.m. CST

[Works now!](https://pasteboard.co/HaDyYPX.png) Thank you very much for your help and persistence, Thomas. Closing this now :)
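
Added example, not part of the original thread or of the oxd-node demo: a Node.js check that reads `response_type` out of the `authorization_url` that oxd returns and flags any value the client is not registered for at the OP, which is the mismatch behind the `unsupported_response_type` error in this thread. The host names, the client id and the reading of the four-digit prefix as the JSON body length are assumptions; the sample replies are constructed.

```javascript
// Added example, not code from oxd-node-demo. All sample values are constructed.

// Assumption: an oxd reply is a 4-digit prefix followed by a JSON body,
// as in the "Response : 0367{...}" line quoted in the thread.
function parseOxdReply(raw) {
  const text = raw.trim();
  if (!/^\d{4}\{/.test(text)) throw new Error('unexpected oxd frame');
  return JSON.parse(text.slice(4));
}

// response_type values the RP will actually send to the OP's authorize endpoint.
// URLSearchParams decodes "+" as a space, so "code+token+id_token" splits cleanly.
function requestedResponseTypes(authorizationUrl) {
  const value = new URL(authorizationUrl).searchParams.get('response_type') || '';
  return value.split(' ').filter(Boolean).sort();
}

// Compare what oxd generated with what the client is registered for at the OP.
function checkAuthorizationUrl(rawReply, registeredTypes) {
  const reply = parseOxdReply(rawReply);
  if (reply.status !== 'ok') return { ok: false, requested: [], extra: [] };
  const requested = requestedResponseTypes(reply.data.authorization_url);
  const extra = requested.filter((t) => !registeredTypes.includes(t));
  return { ok: requested.length > 0 && extra.length === 0, requested, extra };
}

// Constructed sample reply (hypothetical hosts and client id); the prefix is
// built as the zero-padded body length, per the assumption above.
function sampleReply(responseType) {
  const body = JSON.stringify({
    status: 'ok',
    data: {
      authorization_url:
        'https://op.example.test/oxauth/restv1/authorize?response_type=' + responseType +
        '&client_id=EXAMPLE_CLIENT&redirect_uri=https://rp.example.test:5053/authorization' +
        '&scope=openid+profile+email&state=s1&nonce=n1',
    },
  });
  return String(body.length).padStart(4, '0') + body;
}

// Extra response types requested against a code-only client, then the fixed case.
const before = checkAuthorizationUrl(sampleReply('code+token+id_token'), ['code']);
const after = checkAuthorizationUrl(sampleReply('code'), ['code']);
console.log(before.ok, before.extra);
console.log(after.ok, after.extra);
```

Running this against the reply logged by the RP before redirecting shows whether the extra response types come from the RP side (here, the oxd default site config) rather than from the client entry in the OP.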