OAuth2 – POST to /authorize ?

Tagged: ,

This topic has 2 replies, 2 voices, and was last updated 1 year, 9 months ago by iansorbello_consultant.

  • Author
    Posts
  • #23832

    I have question from a customer that wants to call /authorize using a POST request instead of a GET. I only see examples of GET on the interwebs, and RFC6749 only refers to a GET… – but then again, doesn’t explicitly state it MUST be a GET…

    Is it valid to be able to handle POST in this call, and has anyone done this before?

    #23834
     Andy Cory
    Participant

    Hi Ian

    I can’t say I’ve had any need to do this before, but the usual flow is that the GET to /authorize results in a consent form in the response with the parameters from the initial request in hidden fields. The submit of that form is a POST back to /authorize, so that endpoint can certainly process a POST.

    -Andy

    #23840

    Thanks Andy,

    Makes sense. Not sure of the rationale, but assuming this is not a *wrong* thing to do, looks like we’ll just go make it work.

    Cheers,
    ian.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?