WSO2 Identity Server with OAuth 2.0 Form Post Response Mode

Jayanga Kaushalya
Nov 27, 2016 · 1 min read

OAuth 2.0 Form Post Response Mode is an optional specification in OpenID Connect. In this mode, the authorization response parameters are encoded as HTML form data, so they reach the client in an HTTP POST request. The diagram below gives a clearer picture.

To use the form post response mode, the parameter “response_mode=form_post” should be included in the request to the authorization endpoint. Below is a sample request.

GET /authorize?
response_type=id_token
&response_mode=form_post
&client_id=some_client
&scope=openid
&redirect_uri=http://localhost:8080/callback
&state=EcQ8cfs3bNivybCRqcieLHlAbdCar
&nonce=2T1AgaeRTGTMAJyeDMN9IJbgiUG HTTP/1.1
Host: localhost
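
As an added example (not code from the original post or from WSO2), the Python below validates the POST that the browser delivers to redirect_uri in response to the sample request above. The names handle_form_post, CallbackError and sample_body are hypothetical, the token is a constructed, unsigned sample, and JWT signature verification is assumed to be done separately with the identity provider's keys.

```python
import base64, hmac, json
from urllib.parse import parse_qs, urlencode

class CallbackError(Exception):
    """The form_post callback must be rejected."""

def _same(got: str, expected: str) -> bool:
    return bool(expected) and hmac.compare_digest(got.encode(), expected.encode())

def _claims_unverified(id_token: str) -> dict:
    # Payload decode only; real clients verify the JWT signature first (omitted).
    try:
        part = id_token.split(".")[1]
        claims = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
    except (IndexError, ValueError) as exc:
        raise CallbackError("malformed id_token") from exc
    return claims if isinstance(claims, dict) else {}  # non-object: no claims

def handle_form_post(method, content_type, body, expected_state, expected_nonce):
    """Validate the POST the browser sends to redirect_uri in form_post mode."""
    if method != "POST":
        raise CallbackError("form_post responses arrive as POST")
    if content_type.split(";")[0].strip().lower() != "application/x-www-form-urlencoded":
        raise CallbackError("unexpected content type")
    try:
        params = parse_qs(body.decode("ascii"), keep_blank_values=True, strict_parsing=True)
    except ValueError as exc:
        raise CallbackError("malformed form body") from exc
    if any(len(v) != 1 for v in params.values()):  # no repeated parameters
        raise CallbackError("duplicate parameter")
    fields = {k: v[0] for k, v in params.items()}
    # state ties the response to the request this browser session started
    if not _same(fields.get("state", ""), expected_state):
        raise CallbackError("state mismatch")
    if "error" in fields:
        raise CallbackError("authorization error: " + fields["error"])
    if "id_token" not in fields:
        raise CallbackError("id_token missing")
    claims = _claims_unverified(fields["id_token"])
    # nonce binds the ID token to this particular authorization request
    if not _same(str(claims.get("nonce", "")), expected_nonce):
        raise CallbackError("nonce mismatch")
    return claims

def sample_body(state, nonce):  # constructed sample with a placeholder signature
    seg = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    token = seg({"alg": "RS256"}) + "." + seg({"sub": "alice", "nonce": nonce}) + ".SIGNATURE_PLACEHOLDER"
    return urlencode({"state": state, "id_token": token}).encode()
```

The expected state and nonce are the values the client stored in the user's session when it built the authorization request.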

The major use of this response mode is with .NET clients. OWIN middleware, a widely used .NET web interface, supports only this response mode. So to use OWIN as the web interface for any .NET web application, this response mode should be used.

Identity Server 5.3.0 (which had not yet been released at the time of writing) supports this feature out of the box, and Identity Server 5.2.0 will support it with a patch.


Written by Jayanga Kaushalya, Software Engineer @WSO2
