response_type and grant_type two mandatory parameters established from OAuth 2.0 specification. Hence OpenID Connect is built on OAuth 2.0, these two parameters are used in OpenID Connect too.
response_type is used against authorization endpoint. This parameter define what authorization response must contain in its response. For example, code
when using authorization code grant (similarly authorization code flow in OpenID Connect).
grant_type on the other hand is used against token endpoint. It define the grant used for the token request. For example, authorization_code
is the grant used for authorization code grant (similarly authorization code flow in OpenID Connect).
For hybrid flow, response_type is extended to have multiple segments. This was done through OAuth 2.0 Multiple Response Type Encoding Practices. This enables you to use a response_type such as response_type=id_token%20token
. And grant_type will be the same as if you used authorization code flow. It will be code
. This is defined in the specification's hybrid token request