WSO2 Identity Server with OAuth 2.0 Form Post Response Mode
Jayanga Kaushalya

Nice work Jayanga. Definitely a lot of people are confused about what the heck form post response mode is… I think your sequence diagram is a little misleading. How does the browser hit the authorization url? I think you should show that the process starts by the browser doing something at the service provider (clicking on link… hitting a button), which redirects the browser to the identity provider. You might also mention that there is a little bit of javascript needed (or some other mechanism) in the form to get it to submit automatically. Also, you might mention parallels to the SAML POST profile which is also commonly used to send back a long assertion.

Like what you read? Give Gluu Federation a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.