On Mon, Feb 9, 2015 at 3:59 PM, John Bradley <ve7...@ve7jtb.com> wrote:
> Connect has a response_mode that allows the response to be form encoded > rather than fragment. > I read RFC 5849 as only allowing code to be query encoded. The > response_mode was intended for the new response types we defined in > http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html > Actually response_mode is defined in that spec itself in section 2.1 <http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes>. > > The spec for response mode is here > http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html > And that spec is actually to define a new response mode, form_post, which encodes authorization response parameters as HTML form values that are auto-submitted (via javascript) by the user agent and transmitted via HTTP POST to the Client’s redirect URI.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth