This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Form Post Response Mode
Form Post Response Mode

Version management

Difference between version and

At line 1 added 17 lines
!!! Overview
[{$pagename}] ([form_post]) is the [Response_mode] [parameter] which indicates is an [OAuth 2.0] [Response_mode] where [Authorization Response] [parameters] are encoded as [HTML] form values that are auto-submitted in the [User-agent], and thus are transmitted via the [HTTP POST] method to the [Client], with the result parameters being encoded in the body using the [application]/x-www-form-urlencoded format.
The action attribute of the form [MUST] be the [OAuth Client]'s [redirect_uri]. The method of the form attribute [MUST] be [POST|HTTP POST].
Because the [Authorization Response] is intended to be used only once, the [Authorization Server] [MUST] instruct the [User-agent] (and any intermediaries) not to store or reuse the content of the [Authorization Response].
Any technique supported by the [user-agent] [MAY] be used to cause the submission of the form, and any form content necessary to support this [MAY] be included, such as submit controls and client-side scripting commands. However, the [OAuth Client] [MUST] be able to process the message without regard for the mechanism by which the form submission was initiated.
!! [OAuth 2.0 Security Considerations]
As described in [OAuth 2.0 Multiple Response Type Encoding Practices] [OAuth.Responses], there are security implications to encoding response values in the [URI Query] string and in the [URI Fragment Identifiers] value. Some of these concerns can be addressed by using the [{$pagename}]. In particular, it is safe to return [Authorization Response] parameters whose default [Response_modes] are the query encoding or the fragment encoding using the [form_post] [Response_mode].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [OAuth 2.0 Form Post Response Mode|https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html|target='_blank'] - based on information obtained 2017-06-26-
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop