How OAuth 2.0 form-post response mode works in WSO2 Identity Server 5.3.0

According to the OAuth 2.0 spec, in form-post response mode the Authorization Response parameters which are encoded as HTML form values are auto-submitted and transmitted via HTTP POST method to the client. Due to this, the parameters are being encoded in the body using the application/x-www-form-urlencoded format.

Here the method and the action attributes of the form must me POST and Client’s redirect URL. This is because the Authorization Response is intended to be used only once and the authorization server must instruct the User Agent not to store or reuse the content of the response on the browser URL. This is merely done for the security of the content of the response.

From WSO2 Identity Server 5.3.0 we have this feature of OAuth 2.0 form-post available for our customer demand. From this blog I will help you to get a clear idea to understand this form-post response mode in WSO2 IS 5.3.0

$. To start this download our latest IS 5.3.0 pack from here and run it as the instructions given here.

$. Also download the latest playground2 app from here and deploy it in a maven server.

$. Once the management console is ready in https://localhost:9443/carbon/ with admin:admin credentials, register the playground2 app as a service provider by clicking add in here.

Add a new service provider from the management console of WSO2 IS 5.3.0

$. Next register the playground app by giving suitable name like this and click Register.

$. Then once you list the service providers, you will see your registered app here. Then click edit of the created app

Click edit on the registered app.

$. Next click on Inbound Authentication Configuration and expand it down. Then select OAuth/OpenID Connect Configuration and Click edit in it.

$. Then put the call-back URL as http://localhost:8080/playground2/oauth2client and click update.

$. Now you are ready with your playground2 app registered in your WSO2 Identity Server 5.3.0.

Now let’s play around with this form-post response mode. You will notice that how easy it is to play around with WSO2 products.

$. Launch playground2 app in http://localhost:8080/playground2/ and click on it and you will go to a window like this.

$. Select Authorization Grant Type as Implicit and insert the client ID you got when registering the app. Put the scope as openid and call-back URL as http://localhost:8080/playgroun2/aouth2client .

$ Insert the authorize end-point as https://localhost:9443/oauth2/authorize and enable the form-post mode as yes.

$. Then authenticate the app using authorized user default using admin:admin.

Basic authentication with admin:admin

$. Once you approve the authentication you will see the post response coming. Once you click continue you will get a blank window without the token.

Form-post response

$. In order to see the token you need to open up a SAML tracer, for FireFox you better use SSO Tracer. You can see all the requests and responses of the whole process through this tracer.

$. You will see the access-token on the tracer a shown bellow.

access-token in SSO Tracer

This is how you can see form-post response mode using our play ground app. Hope you guys enjoy this. Please leave me comments on this.

Have fun with WSO2 IS 5.3.0 …….

--

--

--

Associate Lead Solutions Engineer @ WSO2, specialized in IAM, an Identity Evangelist, a blogger, a nature lover, a traveller

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Top 20 Hadoop Questions To Crack An Interview.

Why you chose CloudWays?

People Stack Podcast: Constance Ip of New York Code + Design Academy talks about training and wine

Stader Labs introduce

Learning Ruby.

Auto-Remediation systems — A thought and an Overview

What’s up with Ember.js and Stack Overflow?

How to Run Kubernetes Jobs Programmatically?

Kubernetes and Fabric8

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Dinali Rosemin Dabarera

Dinali Rosemin Dabarera

Associate Lead Solutions Engineer @ WSO2, specialized in IAM, an Identity Evangelist, a blogger, a nature lover, a traveller

More from Medium

Integration with the SAP Commerce Cloud Build APIs with Jenkins/Sonar Qube

WSO2 API Manager & Auth0 OIDC SSO

Dev platform architecture — Part 4 — Control Center sample implementation

SW Development Process At MANTA