---
title: Response types
description: The authorization request must specify a response_type attribute, which determines whether an access token, an authorization code, or an ID token is returned by the authorization server. The following is the list of the OAuth 2.0 response types supported by the PingOne authorization server:
component: pingone-api
page_id: pingone-api:foundations:authentication-concepts/access-tokens-and-id-tokens/response-types
canonical_url: https://developer.pingidentity.com/pingone-api/foundations/authentication-concepts/access-tokens-and-id-tokens/response-types.html
---

# Response types

The authorization request must specify a `response_type` attribute, which determines whether an access token, an authorization code, or an ID token is returned by the authorization server. The following is the list of the OAuth 2.0 response types supported by the PingOne authorization server:

* `code`

  Returns an authorization code. If the grant type is `authorization_code`, the `response_type` attribute must have the `code` value. The authorization code returned by the request is exchanged for an access token to complete the authorization flow.

* `token`

  Returns an access token. If the grant type is `implicit` or `client_credentials`, the `response_type` attribute can specify the `token` value to return an access token.

* `id_token`

  Returns an ID token. If the grant type is `implicit`, the `response_type` attribute can specify the `id_token` value to return a JWT containing a set of claims that represent the authentication state of an end user.

* `id_token` (OpenID Connect ID token)

  If the request contains the `id_token` response type and the `openid` scope, then it is considered an authentication (OpenID Connect) request, and an ID token is issued. The ID token includes the ID of the user; this request can also include the `profile` scope to add additional user claims to the ID token.