What-is-the-advantage-of-response_mode-form

In case of form post , 200 OK response is sent by authorization end point with response parameters embedded in an HTML form as hidden parameters .After the browser loads the response from authorization server , body onload event will trigger a form submit and post all the data to redirect uri. (The action of the form is redirect uri)

For example, a response might be:

<html>
 <head></head>
 <body onload="javascript:document.forms[0].submit()">
  <form method="post" action="https://client.com/callback">
    <input type="hidden" name="state" value="1234"/>
    <input type="hidden" name="id_token" value="xy....z"/>
  </form>
 </body>
</html>

The advantage of form post is that the parameters will not be found in browser history . Form post is commonly used in the OIDC implicit flow (for authentication use case)

	Nishant Anand I am technical architect with around 18 years of experience in telecom , banking and health care domain. I was part of the founding team of Drishti and currently CTO at affordplan
	Consult Send Query

Sequence diagram for OIDC implicit flow in which id_token is generated by auth server