FHIR Specification Feedback / FHIR-27830

Clarify response_types_supported acceptable values


Details

    • Change Request
    • Resolution: Persuasive
    • Medium
    • SMART on FHIR (FHIR)
    • 1.0 [deprecated]
    • FHIR Infrastructure
    • STU
    • (NA)
    • 4.2, 4.3
    • Remove "refresh_token" from the example list of "response_types_supported". In the definition of this field, add: "implementers can refer to response_types defined in OAuth 2.0 (https://datatracker.ietf.org/doc/html/rfc6749) and in OIDC Core (https://openid.net/specs/openid-connect-core-1_0.html#Authentication)"
    • Gino Canessa/Yunwei Wang: 13-0-0
    • Correction
    • Non-substantive

    Description

      In the SMART conformance doc: http://www.hl7.org/fhir/smart-app-launch/conformance/index.html#sample-response

      the response_types_supported states:

      response_types_supported: RECOMMENDED, array of OAuth2 response_type values that are supported

      Is there any subset of defined values that this is pulled from? E.g., from the example:

      "response_types_supported": ["code", "code id_token", "id_token", "refresh_token"],

      code is part of OAuth 2 base; code id_token and id_token are from OpenID Connect.

      Action:

      refresh_token should be removed as it's not a grant response that I'm aware of (see also conversation on Zulip [1]).

      Link to or define the acceptable set of values more formally vs the definition being primarily contained within examples as it is today. Proposed starter set would be the OpenID Connect and base OAuth 2 specifications (though SMART doesn't go much beyond the "code" grant type today - will we accept others here?).

       

       [1] https://chat.fhir.org/#narrow/stream/179170-smart/topic/response_types_supported.20values
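
An added example, not part of the original issue or of the SMART specification: a check that splits a server's response_types_supported into values defined by RFC 6749 or OpenID Connect Core and values that are not, run over the example list quoted above. The function name, the sample metadata, and the choice to treat everything outside those two specifications as unrecognized are assumptions made for illustration.

```python
# Added example: names and sample metadata are constructed for illustration.
import json

# RFC 6749 (sections 4.1.1 and 4.2.1): "code" and "token".
OAUTH2 = [{"code"}, {"token"}]
# OpenID Connect Core section 3: authorization code, implicit and hybrid flows.
OIDC = [{"code"}, {"id_token"}, {"id_token", "token"},
        {"code", "id_token"}, {"code", "token"},
        {"code", "id_token", "token"}]
KNOWN = {frozenset(s) for s in OAUTH2 + OIDC}


def check_response_types(metadata):
    """Split response_types_supported into (recognized, unrecognized)."""
    values = metadata.get("response_types_supported")
    if values is None:
        return [], []  # the field is RECOMMENDED, so absence is not an error
    if not isinstance(values, list):
        raise ValueError("response_types_supported must be a JSON array")
    recognized, unrecognized = [], []
    for value in values:
        tokens = value.split(" ") if isinstance(value, str) else []
        combo = frozenset(tokens)
        # RFC 6749 section 3.1.1: values are space-delimited and their order
        # does not matter, so "id_token code" equals "code id_token".
        well_formed = bool(tokens) and "" not in combo and len(combo) == len(tokens)
        if well_formed and combo in KNOWN:
            recognized.append(value)
        else:
            unrecognized.append(value)
    return recognized, unrecognized


# Constructed metadata carrying the example list quoted in this issue.
SAMPLE = json.loads(
    '{"response_types_supported":'
    ' ["code", "code id_token", "id_token", "refresh_token"]}'
)

if __name__ == "__main__":
    ok, bad = check_response_types(SAMPLE)
    print("recognized:  ", ok)
    print("unrecognized:", bad)
```

Values are compared as unordered sets of tokens, so a server that advertises "id_token code" is treated the same as one that advertises "code id_token".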


          People

            carl-anderson-msft Carl Anderson (Inactive)
            jenni_syed Jenni Syed (Inactive)