Authorization post support

source/Core/Configuration/Hosting/WebApiConfig.cs

@@ -93,11 +93,11 @@ private static void ConfigureRoutes(IdentityServerOptions options, HttpConfigura
                 config.Routes.MapHttpRoute(
                     Constants.RouteNames.Oidc.Authorize,
                     Constants.RoutePaths.Oidc.Authorize,
-                    new { controller = "AuthorizeEndpoint", action = "Get" });
+                    new { controller = "AuthorizeEndpoint", action = "Process" });
                 config.Routes.MapHttpRoute(
                     Constants.RouteNames.Oidc.Consent,
                     Constants.RoutePaths.Oidc.Consent,
-                    new { controller = "AuthorizeEndpoint", action = "PostConsent" });
+                    new { controller = "AuthorizeEndpoint", action = "SubmitConsent" });
                 config.Routes.MapHttpRoute(
                     Constants.RouteNames.Oidc.SwitchUser,
                     Constants.RoutePaths.Oidc.SwitchUser,

source/Core/Endpoints/Connect/AuthorizeEndpointController.cs

@@ -97,11 +97,31 @@ public AuthorizeEndpointController(
         /// <param name="request">The request.</param>
         /// <returns></returns>
         [HttpGet]
-        public async Task<IHttpActionResult> Get(HttpRequestMessage request)
+        [HttpPost]
+        public async Task<IHttpActionResult> Process(HttpRequestMessage request)
         {
             Logger.Info("Start authorize request");
 
-            var response = await ProcessRequestAsync(request.RequestUri.ParseQueryString());
+            NameValueCollection parameters = null;
+            if (request.Method == HttpMethod.Get)
+            {
+                parameters = request.RequestUri.ParseQueryString();
+            }
+            else if (request.Method == HttpMethod.Post)
+            {
+                if (!request.Content.IsFormData())
+                {
+                    return StatusCode(System.Net.HttpStatusCode.UnsupportedMediaType);
+                }
+
+                parameters = await request.Content.ReadAsFormDataAsync();
+            }
+            else
+            {
+                return StatusCode(System.Net.HttpStatusCode.MethodNotAllowed);
+            }
+
+            var response = await ProcessRequestAsync(parameters);
 
             Logger.Info("End authorize request");
             return response;
@@ -174,7 +194,7 @@ private async Task<IHttpActionResult> ProcessRequestAsync(NameValueCollection pa
 
         [HttpPost]
         [ValidateAntiForgeryToken]
-        public Task<IHttpActionResult> PostConsent(UserConsent model)
+        public Task<IHttpActionResult> SubmitConsent(UserConsent model)
         {
             Logger.Info("Resuming from consent, restarting validation");
             return ProcessRequestAsync(Request.RequestUri.ParseQueryString(), model ?? new UserConsent());

source/Core/Resources/T4resx.cs

@@ -19,7 +19,7 @@ public class EventIds
 			public const string PreLoginSuccess = "PreLoginSuccess";
 			public const string ResourceOwnerFlowLoginFailure = "ResourceOwnerFlowLoginFailure";
 			public const string ResourceOwnerFlowLoginSuccess = "ResourceOwnerFlowLoginSuccess";
-			public const string TokenRevoked = "TokenRevoked";
+	        public const string TokenRevoked = "TokenRevoked";
 	}
 	public class MessageIds
 	{

source/Tests/UnitTests/Conformance/Basic/RedirectUriTests.cs

@@ -117,6 +117,36 @@ public void Preserves_query_parameters_in_redirect_uri()
             query["baz"].ToString().Should().Be("quux");
         }
 
+        [Fact]
+        [Trait("Category", Category)]
+        public void POST_allowed_to_authorization_endpoint()
+        {
+            host.Login();
+
+            var disco = host.GetDiscoveryDocument();
+            var url = disco["authorization_endpoint"].ToString();
+
+
+            var nonce = Guid.NewGuid().ToString();
+            var state = Guid.NewGuid().ToString();
+
+            var data = new Dictionary<string, string>
+            {
+                {"client_id", client_id },
+                {"redirect_uri", redirect_uri },
+                {"scope", "openid" },
+                {"response_type", "code" },
+                {"state", state },
+                {"nonce", nonce},
+            };
+
+            var result = host.Client.PostAsync(url, new FormUrlEncodedContent(data)).Result;
+            result.StatusCode.Should().Be(HttpStatusCode.Redirect);
+            result.Headers.Location.AbsoluteUri.Should().StartWith("https://code_client/callback");
+            result.Headers.Location.AbsolutePath.Should().Be("/callback");
+        }
+
+
         [Fact]
         [Trait("Category", Category)]
         public void Rejects_redirect_uri_when_query_parameter_does_not_match()

source/Tests/UnitTests/Endpoints/Connect/AuthorizeEndpointControllerTests.cs

@@ -72,5 +72,12 @@ public void PostConsent_NoBody_ReturnsErrorPage()
             var resp = PostForm(Constants.RoutePaths.Oidc.Consent, (object)null);
             resp.AssertPage("error");
         }
+
+        [Fact]
+        public void PostAuthorize_Json_ReturnsError()
+        {
+            var response = client.PostAsJsonAsync(Url(Constants.RoutePaths.Oidc.Authorize), new { foo = "bar" }).Result;
+            response.StatusCode.Should().Be(HttpStatusCode.UnsupportedMediaType);
+        }
     }
 }