Token request body

I am creating a single page web app and have noticed that GET /device/code and POST /oauth/token require the request body to be x-www-form-urlencoded. Is there a reason why this is case? Why can’t it be in JSON form?

Hi @shaanon12,

POST /oauth/token: it’s because of the OAuth2 specs: RFC 6749: The OAuth 2.0 Authorization Framework

GET /device/code: I think that should be a POST, might be that the API documentation isn’t correct.