To close out this thread, I've posted https://datatracker.ietf.org/doc/draft-hardt-httpbis-redirect-headers/ to datatracker and hope the work is adopted by the httpbis WG.
On Tue, Dec 23, 2025 at 7:58 PM Dick Hardt <[email protected]> wrote: > > > On Tue, Dec 23, 2025 at 6:25 PM Nick Watson <[email protected]> wrote: > >> For OAuth/OIDC specifically, I'm worried about the amount of churn on >> RPs' having to adopt Redirect-Query. >> > > The RP has to be updated if it is going to look for the response > parameters in the headers first before looking at the query string or form > body. Once the RP is making one change, doing the other one is simple. I > would expect that this would be added to libraries and be invisible to the > long tail of RPs. > >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
