3

How do I make it so the returnTo url after someone signs in with their openId provider is requested with POST instead of GET?

I have a form that someone must be logged in for the POST to work. When they press submit it redirects them to the login page and they choose their OpenID provider. After successfully choosing and authenticating with their openID provider, it requests the page it was originally trying to request, except with GET.

Kyle
  • 21,377
  • 37
  • 113
  • 200
  • Does this answer your question? [Response.Redirect with POST instead of Get?](https://stackoverflow.com/questions/46582/response-redirect-with-post-instead-of-get). The [accepted answer](https://stackoverflow.com/a/2187614/7758804) to this question is this linked duplicate. – Trenton McKinney Apr 12 '23 at 22:48

2 Answers2

1

It sounds like you want the authentication response to be POSTed to your RP instead of with GET. The OpenID spec doesn't allow for the RP to mandate a POST instead of a GET. In fact, GET is generally considered preferable to POST since it's faster and doesn't tend to pop up warning dialogs to the user if the OP is an HTTPS endpoint and the RP is an HTTP endpoint.

But I'm dying to know why you need to have the authentication response POSTed. Is it because your return_to URL includes the original form data that the user was trying to post to the RP, and which now must be delayed until after authentication has completed? If so, I suggest you rethink your design. Consider a user experience where the user must sign in, on the form, but before posting the form.

Like this sample: http://samples.dotnetopenauth.net/v3.3/OpenIdRelyingPartyWebForms/ajaxlogin.aspx

Andrew Arnott
  • 80,040
  • 26
  • 132
  • 171
  • yea you were right about the return_to URL containing the original form data, I'll rethink my design. – Kyle Feb 04 '10 at 15:46
0

Add response_mode=form_post to your request

Tyler2P
  • 2,324
  • 26
  • 22
  • 31
Ina
  • 1
  • 2
    Remember that Stack Overflow isn't just intended to solve the immediate problem, but also to help future readers find solutions to similar problems, which requires understanding the underlying code. This is especially important for members of our community who are beginners, and not familiar with the syntax. Given that, **can you [edit] your answer to include an explanation of what you're doing** and why you believe it is the best approach? – Jeremy Caney Apr 13 '23 at 00:09