|
|
|
|
|
|
by rahulrav
2566 days ago
|
|
|
They already don’t show up if you use fragment URIs. The real issue I have is that the OAuth2 spec covers all this and we don’t have to rehash this every time a new IDP creates an Auth system. No. The final post is not made by the client and a server has to handle the request. Webapps cannot handle POST requests from an Authorization server. |
|
|