WSO2 Identity Server with OAuth 2.0 Form Post Response Mode

OAuth 2.0 Form Post Response Mode is an optional specification in OpenID Connect. In this mode, the authorization response parameters are encoded as HTML form data, so they reach the client in an HTTP POST request. The diagram below gives a clearer picture.

To use the form post response mode, include the parameter “response_mode=form_post” in the request to the authorization endpoint. Below is a sample request.

GET /authorize?
response_type=id_token
&response_mode=form_post
&client_id=some_client
&scope=openid
&redirect_uri=http://localhost:8080/callback
&state=EcQ8cfs3bNivybCRqcieLHlAbdCar
&nonce=2T1AgaeRTGTMAJyeDMN9IJbgiUG HTTP/1.1
Host: localhost
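
On the client side, the callback at redirect_uri receives the response parameters in the body of a POST rather than in the URL. The following is an added example, not code from the original article or from WSO2, of how a client could validate that body; `handle_form_post`, `CallbackError` and the `verify_id_token` callable are assumed names, and signature verification is delegated to that callable.

```python
import hmac
from urllib.parse import parse_qs

class CallbackError(Exception):
    """The form_post authorization response must be rejected."""

def same(a, b):
    # Constant-time comparison of two strings.
    return hmac.compare_digest(a.encode(), b.encode())

def handle_form_post(method, content_type, body, expected_state,
                     expected_nonce, verify_id_token):
    """Validate a form_post response delivered to redirect_uri.
    verify_id_token is a hypothetical callable, backed by a JOSE library,
    that checks signature, issuer, audience and expiry and returns claims.
    """
    # form_post puts the parameters in a POST body, not the query or fragment.
    if method != "POST":
        raise CallbackError("response must arrive via POST")
    ctype = content_type.split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        raise CallbackError("unexpected content type")
    try:
        params = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    except ValueError:
        raise CallbackError("malformed form body")
    # A repeated parameter makes the response ambiguous.
    if any(len(values) != 1 for values in params.values()):
        raise CallbackError("duplicate parameter")
    fields = {name: values[0] for name, values in params.items()}
    # state binds the response to the request this session started.
    if not same(fields.get("state", ""), expected_state):
        raise CallbackError("state mismatch")
    if "error" in fields:
        raise CallbackError("authorization error: " + fields["error"])
    if "id_token" not in fields:
        raise CallbackError("missing id_token")
    claims = verify_id_token(fields["id_token"])
    # nonce ties the ID token to this request, so an old token is not accepted.
    if not same(str(claims.get("nonce", "")), expected_nonce):
        raise CallbackError("nonce mismatch")
    return claims

if __name__ == "__main__":
    # Constructed sample: state/nonce from the request above, placeholder token.
    state, nonce = "EcQ8cfs3bNivybCRqcieLHlAbdCar", "2T1AgaeRTGTMAJyeDMN9IJbgiUG"
    body = "id_token=constructed.token.value&state=" + state
    print(handle_form_post("POST", "application/x-www-form-urlencoded", body,
                           state, nonce, lambda t: {"sub": "alice", "nonce": nonce}))
```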

The main use of this response mode is with .NET clients. The OWIN middleware, a widely used .NET-based web interface, supports only this response mode. So to use OWIN as the web interface for any .NET web application, this response mode must be used.

Identity Server 5.3.0 (which had not yet been released at the time of writing) supports this feature out of the box, and Identity Server 5.2.0 will support it with a patch.


Software Engineer @WSO2