OAuth 2.0 Form Post Response Mode

Spec: openid.net/specs/oauth-v2-form-post-response-mode-1_0.htmlStatus: Full

Form Post Response Mode lets the authorization server deliver authorization response parameters via an auto-submitting HTML form instead of a redirect URL, which keeps tokens out of browser history and referrer headers.

Implemented

response_mode=form_post — accepted on the /authorize endpoint.
Auto-submitting HTML form — response parameters (e.g. code, state, id_token) are rendered as hidden inputs in a form that posts to redirect_uri on load.
Compatibility with all response types — works with code, id_token, and hybrid response types.
Advertised in discovery — form_post appears in response_modes_supported in /.well-known/openid-configuration.

OpenID Connect Core
Login Flow endpoints

UI Widget

SAML Package

Multi-Tenancy Package

OAuth 2.0 Form Post Response Mode

Implemented

OAuth 2.0 Form Post Response Mode ​

Implemented ​

Related AuthHero documentation ​

OAuth 2.0 Form Post Response Mode

Implemented

Related AuthHero documentation