API Protection form post response mode

With the form post response mode, a client can make an OAuth authorization request and receive a self-posting form rather than a 302 response.

For more information about the form post response mode, see https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html.

The form post template page contains a form that is populated with the action URI as the redirect URI presented on the authorization request. There is also a repeating macro inside the form, containing name and value macros.

Macros:

@ACTION@

The validated redirect URI presented in the authorization request.

Repeating macros:

The following macros must be used inside the repeating macro block 'oauth_form_post'. For example:

[RPT oauth_form_post]
<input type="hidden" name="@OAUTH_HIDDEN_NAME@" value="@OAUTH_HIDDEN_VALUE@" />
[ERPT oauth_form_post]

@OAUTH_HIDDEN_NAME@

Parameter name of the form post body. Default values include (depending on response_type) :

scope, state, expires_in, access_token, token_type, code

@OAUTH_HIDDEN_VALUE@

Parameter value in the form post body. This value corresponds to the @OAUTH_HIDDEN_NAME@ macro value.