On Tue, Dec 23, 2025 at 6:25 PM Nick Watson <[email protected]> wrote:
> For OAuth/OIDC specifically, I'm worried about the amount of churn on RPs' > having to adopt Redirect-Query. > The RP has to be updated if it is going to look for the response parameters in the headers first before looking at the query string or form body. Once the RP is making one change, doing the other one is simple. I would expect that this would be added to libraries and be invisible to the long tail of RPs.
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
