Token request body

I am creating a single page web app and have noticed that GET /device/code and POST /oauth/token require the request body to be x-www-form-urlencoded. Is there a reason why this is case? Why can’t it be in JSON form?

Hi @shaanon12,

POST /oauth/token: it’s because of the OAuth2 specs: https://tools.ietf.org/html/rfc6749

GET /device/code: I think that should be a POST, might be that the API documentation isn’t correct.

https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15#section-3.1