2.1 added a lot of text around how clients form authorization requests, the language does not however account for the optional POST binding at the authorization endpoint.
The authorization server MUST support the use of the HTTP GET method Section 9.3.1 of [RFC9110] for the authorization endpoint and MAY support the POST method (Section 9.3.3 of [RFC9110]) as well.
Authorization Servers MUST support the use of the HTTP GET and POST methods defined in RFC 7231 [RFC7231] at the Authorization Endpoint. Clients MAY use the HTTP GET or POST methods to send the Authorization Request to the Authorization Server. If using the HTTP GET method, the request parameters are serialized using URI Query String Serialization, per Section 13.1. If using the HTTP POST method, the request parameters are serialized using Form Serialization, per Section 13.2.
2.1 added a lot of text around how clients form authorization requests, the language does not however account for the optional POST binding at the authorization endpoint.
Sections 3.1. Authorization Endpoint and 4.1.1. Authorization Request do not account for the optional POST binding which uses the request body to carry the
application/x-www-form-urlencoded
encoded parameters.In OIDC there's explicit text around the request parameters.