This specification defines the Form Post Response Mode. In this mode, Authorization Response parameters are encoded as HTML form values that are auto-submitted in the User Agent, and thus are transmitted via the HTTP POST method to the Client, with the result parameters being encoded in the body using the application/x-www-form-urlencoded format. This document is an officially published standard.
Full text: https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html
This document introduces a number of security countermeasures for OAuth. The OAuch tests related to these countermeasures are:
Back to the documents overview