Open tlodderstedt opened 6 months ago
I suggest using JSON for new APIs. To me Token Request uses form url-encoding due to legacy reasons, but we don't do the for credential request either, so I don't see a reason to do it for the POST request_uri
Would you suggest we change this for the direct post request, too?
That's a very good question. Direct post actually seems to just send the authorisation response over POST instead of GET, so mimicking send more reasonable.
In the case of request Uri, we are actually sending new data that is not defined in RFC9101, so deviating here seems more justified. This is also why I believe this is kind of a new command and I wouldn't call the parameter request_uri_method to indicate the support for it.
I wouldn't call the parameter request_uri_method to indicate the support for it.
Are you suggesting to rename request_uri_method parameter name? What's your alternative?
Direct post and Request URI POST request are both form encoded. It was suggested to instead use JSON encoded payload. Let's discuss.