1
votes

I'm trying to use OpenID Connect to authenticate against Google using the code flow.

I'm sending an auth request to google like

    GET https://accounts.google.com/o/oauth2/v2/auth?
        client_id=***.apps.googleusercontent.com&
        redirect_uri=https%3a%2f%2flocalhost%3a44321%2fAccount%2fConfirmLogin&
        response_mode=form_post&
        response_type=code&
        scope=openid+email+profile&
        state=STUFF&
        nonce=A_NONCE

and I get back a GET response

    GET https://localhost:44321/Account/ConfirmLogin?
        state=STUFF&
        code=Some letters&
        authuser=0&
        hd=my app domain&
        session_state=HEX&
        prompt=none

According to the spec (http://openid.net/specs/openid-connect-core-1_0.html#AuthResponse):

When using the Authorization Code Flow, the Authorization Response MUST return the parameters defined in Section 4.1.2 of OAuth 2.0 [RFC6749] by adding them as query parameters to the redirect_uri specified in the Authorization Request using the application/x-www-form-urlencoded format, unless a different Response Mode was specified.

From my reading of the spec, this means Google should return a POST to my server, not a GET?


1 Answer

1
votes

Support for the form_post response mode as defined in http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html is optional and it is not supported by Google. Hence the parameter is ignored.
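Because a provider may silently ignore response_mode=form_post and fall back to the default query mode, a relying party that hard-codes one delivery method will break. The following is an added example (not code from the question, the answer, or Google) of a redirect-endpoint handler that accepts the authorization response in either mode, rejects duplicated parameters, checks the state value in constant time before trusting anything else, and surfaces provider error responses. The hostname, state value, authorization code, and the two sample responses are constructed for the example.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Constructed value standing in for the state the RP stored in the user's session
# when it built the authorization request.
EXPECTED_STATE = "STUFF"

# Constructed sample responses. The first mirrors what Google sends: a GET redirect
# with the parameters in the query string (response_mode=form_post ignored).
GOOGLE_STYLE_REDIRECT = (
    "https://localhost:44321/Account/ConfirmLogin"
    "?state=STUFF&code=4%2FabcDEF&authuser=0&hd=example.com"
    "&session_state=0123abcd&prompt=none"
)
# The second is what a provider that honours form_post would POST as the body.
FORM_POST_BODY = "state=STUFF&code=4%2FabcDEF"


class AuthResponseError(Exception):
    """Raised when the authorization response must not be trusted."""


def parse_auth_response(method, target, body="", content_type="",
                        expected_state=EXPECTED_STATE):
    """Parse an OIDC code-flow authorization response delivered either as a
    GET redirect (response_mode=query, the default) or as a form_post
    (application/x-www-form-urlencoded POST body).

    Returns a dict with the delivery mode, the authorization code and any
    provider-specific extras, after the state has been verified."""
    method = method.upper()
    if method == "GET":
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        mode = "query"
    elif method == "POST":
        if not content_type.lower().startswith("application/x-www-form-urlencoded"):
            raise AuthResponseError("unexpected content type for form_post: %r" % content_type)
        params = parse_qs(body, keep_blank_values=True)
        mode = "form_post"
    else:
        raise AuthResponseError("unsupported method %s" % method)

    # A parameter sent twice (e.g. two code values) is ambiguous; refuse it
    # rather than letting the parser pick one.
    duplicated = sorted(k for k, v in params.items() if len(v) != 1)
    if duplicated:
        raise AuthResponseError("duplicate parameters: %s" % ", ".join(duplicated))
    flat = {k: v[0] for k, v in params.items()}

    # state binds this response to the request this browser session started;
    # check it before acting on code or error so a forged redirect is dropped early.
    received_state = flat.get("state", "")
    if not expected_state or not hmac.compare_digest(
            received_state.encode("utf-8"), expected_state.encode("utf-8")):
        raise AuthResponseError("state missing or does not match the pending request")

    if "error" in flat:
        raise AuthResponseError("provider returned error %s: %s"
                                % (flat["error"], flat.get("error_description", "")))
    if not flat.get("code"):
        raise AuthResponseError("no authorization code in response")

    extras = {k: v for k, v in flat.items() if k not in ("code", "state")}
    return {"mode": mode, "code": flat["code"], "extras": extras}


if __name__ == "__main__":
    print(parse_auth_response("GET", GOOGLE_STYLE_REDIRECT))
    print(parse_auth_response("POST", "/Account/ConfirmLogin", body=FORM_POST_BODY,
                              content_type="application/x-www-form-urlencoded"))
```

The returned mode lets the application log which delivery method the provider actually used; if a deployment requires form_post (for example to keep the code out of Referer headers and access logs), it should check that field and fail closed rather than assume the request was honoured. The code is only exchanged at the token endpoint after this function returns, and the state entry should be deleted from the session at that point so the same response cannot be replayed.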