Does Google plan to support the Form Post response mode in its OpenID Connect/OAuth 2.0 implementation?
http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html
Other identity providers such as Azure Active Directory and IdentityServer support this, but it seems Google doesn't (based on reading the docs and some manual testing). For context, I'm building an OpenID Connect library and was hoping to leverage this capability (and prefer not to rely on acquiring tokens via HTTP GET and URL fragments).
response_mode controls how the tokens are delivered to the client; if you use response_mode=form_post, then it is done via an auto-submitted form post generated by the identity provider. If you don't provide it, you will get the tokens via the query string.
The OAuth 2.0 specification allows for registration of space-separated response_type parameter values. If a Response Type contains one or more space characters (%20), it is compared as a space-delimited list of values in which the order of values does not matter.
The OAuth 2.0 authorization framework is a protocol that allows a user to grant a third-party web site or application access to the user's protected resources, without necessarily revealing their long-term credentials or even their identity.
This does appear to work when you pass ?response_mode=form_post to Google... but I can't find it anywhere in their documentation. :shrug:
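The client side of response_mode=form_post discussed in this thread, as an added example that is not code from any poster or from Google: it builds the authorization request and accepts the response only as a form POST with a matching state, failing closed if response parameters show up in the URL query instead. The endpoint, client ID and redirect URI are placeholder assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Placeholder values assumed for illustration; not taken from the thread.
AUTHORIZATION_ENDPOINT = "https://idp.example/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://client.example/callback"
FORM_TYPE = "application/x-www-form-urlencoded"


def build_authorization_request():
    """Return (url, state, nonce) for a request asking for form_post delivery."""
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code id_token",
        "response_mode": "form_post",
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params), state, nonce


def handle_callback(method, content_type, query_string, body, expected_state):
    """Accept the authorization response only as a form POST with matching state."""
    if method != "POST":
        raise ValueError("authorization response must arrive via POST")
    if content_type.split(";")[0].strip().lower() != FORM_TYPE:
        raise ValueError("unexpected content type")
    # Parameters in the URL mean response_mode was not honoured; fail closed.
    if set(parse_qs(query_string)) & {"code", "id_token", "access_token"}:
        raise ValueError("response parameters found in query string")
    form = parse_qs(body, strict_parsing=True)
    if any(len(values) != 1 for values in form.values()):
        raise ValueError("duplicate parameter in response")
    fields = {name: values[0] for name, values in form.items()}
    if "error" in fields:
        raise ValueError("authorization error: " + fields["error"])
    # Constant-time comparison of the state bound to this browser session.
    returned = fields.get("state", "").encode()
    if not hmac.compare_digest(returned, expected_state.encode()):
        raise ValueError("state mismatch")
    return fields
```

The returned id_token still needs signature validation and a nonce check against the value generated in build_authorization_request before it is trusted.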