> The RP has to be updated if it is going to look for the response parameters in the headers first before looking at the query string or form body
With my version of the proposal the RP doesn't need that. The browser handles it entirely, and the RP receives a normal-looking form post. On Mon, Jan 5, 2026 at 8:56 AM Dick Hardt <[email protected]> wrote: > To close out this thread, I've posted > https://datatracker.ietf.org/doc/draft-hardt-httpbis-redirect-headers/ to > datatracker and hope the work is adopted by the httpbis WG. > > On Tue, Dec 23, 2025 at 7:58 PM Dick Hardt <[email protected]> wrote: > >> >> >> On Tue, Dec 23, 2025 at 6:25 PM Nick Watson <[email protected]> wrote: >> >>> For OAuth/OIDC specifically, I'm worried about the amount of churn on >>> RPs' having to adopt Redirect-Query. >>> >> >> The RP has to be updated if it is going to look for the response >> parameters in the headers first before looking at the query string or form >> body. Once the RP is making one change, doing the other one is simple. I >> would expect that this would be added to libraries and be invisible to the >> long tail of RPs. >> >> >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
