Skip to Main Content
Integration


This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.


Status Delivered
Workspace API Connect
Created by Guest
Created on Aug 11, 2022

Support form_post response mode in OAuth Authorization Code Flow

We use API Connect as an IDP. Some of our service providers are looking to enable an SSO integration and they have requested support of form_post response_mode in the OAuth Authorization Code Flow. We found that this is not currently supported.
Idea priority Medium
  • Admin
    Dan Temkin
    Reply
    |
    Mar 7, 2024

    Added to DataPower with the 10.5.0.5 release.

  • Guest
    Reply
    |
    Aug 25, 2022

    The impact to us is that we have an SSO implementation with a vendor for our finance chargeback system. Their integration currently works only with support form_post response mode. This puts our integration at risk and impacts the overall digital transformation strategy at MSK.

  • Guest
    Reply
    |
    Aug 25, 2022

    The OIDC extends, and in some cases, overrides, the OAuth 2.0 standard, and this is one of those cases.

    Please reference the OIDC core 1.0 standard: https://openid.net/specs/openid-connect-core-1_0.html, section 3.1.2.1 pasted below.

    3.1.2.1. Authentication Request

    An Authentication Request is an OAuth 2.0 Authorization Request that requests that the End-User be authenticated by the Authorization Server. Authorization Servers MUST support the use of the HTTP GET and POST methods defined in RFC 2616 [RFC2616] at the Authorization Endpoint. Clients MAY use the HTTP GET or POST methods to send the Authorization Request to the Authorization Server. If using the HTTP GET method, the request parameters are serialized using URI Query String Serialization, per Section 13.1. If using the HTTP POST method, the request parameters are serialized using Form Serialization, per Section 13.2.