Hi,
Do you have any idea regarding the following question?
https://stackoverflow.com/questions/67062880/azure-openid-connect-redirect-behavior
Thank you,
Zsolt
Hi @ZsoltFeher-7336 · Thank you for reaching out.
When requesting the code, you can use the OAuth parameter response_mode=query, fragment or form_post. When you use query or fragment, it provides the code as a query string parameter on your redirect URI, whereas form_post executes a POST containing the code to your redirect URI, which is what is happening in your case.
I would suggest you use response_mode=query or fragment.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi,
Thank you for checking this question. My question is about Azure's behavior when Azure redirects back to the redirect_uri after authentication (we are already using fragment). I would expect Azure to use the HTTP code 302 for redirection, but it is using an HTTP 200 code returning a self-posting form.
Thank you,
Zsolt
@ZsoltFeher-7336 · In Azure, the redirect method changes based on the response_mode parameter. Please refer to the snip of the Fiddler capture below, showing the redirect methods based on the value of response_mode:
Try using response_mode=query, if that helps.
Thank you for checking that. Our application has a constraint that requires us to use fragment (our app is an SPA, and for security reasons we need to avoid having anything in the query string or posted to our backend servers). I wonder if this behavior is security-related and protects from an attack vector I'm unaware of. If that is correct, I would like to ask for more information about possible security concerns and whether any option is available to change that.
Thank you in advance,
Zsolt