Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No support for HTTP POST method at Authorization Endpoint #176

Open
cicnavi opened this issue Feb 11, 2022 · 2 comments
Open

No support for HTTP POST method at Authorization Endpoint #176

cicnavi opened this issue Feb 11, 2022 · 2 comments

Comments

@cicnavi
Copy link
Collaborator

cicnavi commented Feb 11, 2022

We currently support only HTTP GET method at Authorization Endpoint.

Per OIDC spec for authn request:

Authorization Servers MUST support the use of the HTTP GET and POST methods defined in RFC 2616 [RFC2616] at the Authorization Endpoint. Clients MAY use the HTTP GET or POST methods to send the Authorization Request to the Authorization Server. If using the HTTP GET method, the request parameters are serialized using URI Query String Serialization, per Section 13.1. If using the HTTP POST method, the request parameters are serialized using Form Serialization, per Section 13.2.
@cicnavi
Copy link
Collaborator Author

cicnavi commented Aug 23, 2024

Note that this is also needed to properly support automatic client registration functionality from OpenID Federation specification.

@cicnavi
Copy link
Collaborator Author

cicnavi commented Aug 26, 2024

This is addressed in v6 in PR #242.

However, this will have to be refactored in order to support 'request object' from core specification: https://openid.net/specs/openid-connect-core-1_0.html#RequestObject

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cicnavi