I am creating a single page web app and have noticed that GET /device/code and POST /oauth/token require the request body to be x-www-form-urlencoded. Is there a reason why this is case? Why can’t it be in JSON form?
POST /oauth/token: it’s because of the OAuth2 specs: https://tools.ietf.org/html/rfc6749
GET /device/code: I think that should be a
POST, might be that the API documentation isn’t correct.