http://tools.ietf.org/html/rfc6749#section-3.1 says:
The authorization server MUST support the use of the HTTP "GET" method [RFC2616<http://tools.ietf.org/html/rfc2616>] for the authorization endpoint and MAY support the use of the "POST" method as well. Unfortunately, it's missing any details (that I can find, anyway) on how to pass the parameters in if POST is used. If you follow the examples of how "POST" is used at the token endpoint, they would be passed in the message body, per the example at http://tools.ietf.org/html/rfc6749#section-4.1.3. However, it seems like it's also possible for them to be passed as query parameters in the same manner as when using "GET". Can anyone determine the intent of the spec on how to pass input parameters when using POST to the Authorization Endpoint? Thanks, -- Mike
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
