response_mode in authorization code flow #396

Closed
uta-pmizilin opened this issue Aug 24, 2021 · 3 comments · Fixed by #469

@uta-pmizilin

Is form_post response_mode supported for authorization code flow (ConfidentialClientApplication)?
Looking at application.py it seems like response_mode parameter is not implemented at all.

msal==1.13.0

@rayluo
Collaborator

rayluo commented Aug 24, 2021

It is true that MSAL Python does not currently expose the response_mode parameter, because the use of response_mode parameter was "not recommended" per the original specs. But we can add it, per newer guidance.

Marking this issue as an enhancement.

@uta-pmizilin
Author

uta-pmizilin commented Aug 24, 2021

@rayluo Thanks for the quick response; I assume the newer guidance is the reason why https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc recommends form_post for web applications:

response_mode - Recommended
Specifies the method that should be used to send the resulting authorization code back to your app. Can be form_post or fragment. For web applications, we recommend using response_mode=form_post, to ensure the most secure transfer of tokens to your application.
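
For reference, an added example that is not part of the original thread and is not MSAL code: a standard-library sketch of what `response_mode=form_post` changes for a web app, namely that the authorization response arrives in a POST body instead of the redirect URL. The endpoint, client ID, redirect URI and both function names are assumed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholder values, not taken from the issue.
AUTHORIZE_ENDPOINT = "https://login.example.test/oauth2/v2.0/authorize"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example.test/callback"


def build_auth_request(scopes):
    """Return (url, state) for an auth code request asking for form_post."""
    state = secrets.token_urlsafe(16)
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,
        "response_mode": "form_post",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), state


def read_form_post_response(method, url, body, expected_state):
    """Extract the authorization code from a form_post callback.

    The app asked for form_post, so a code that shows up in the URL
    (where it would land in logs and browser history) is rejected.
    """
    if method != "POST":
        raise ValueError("expected a POST callback for form_post")
    if "code" in parse_qs(urlsplit(url).query):
        raise ValueError("authorization code must not be in the query string")
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if "error" in form:
        raise ValueError("authorization error: " + form["error"])
    # Compare as bytes so non-ASCII input cannot raise TypeError.
    got = form.get("state", "").encode()
    if not hmac.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in form:
        raise ValueError("no authorization code in form body")
    return form["code"]
```

The `state` returned by `build_auth_request` has to be kept server-side (for example in the user's session) until the callback is processed.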

@ndrsn

ndrsn commented Apr 14, 2022

Has any progress been made on this issue?

If not, would a pull request implementing response_mode be welcome, and would you have any pointers as to where to start — based on a cursory glance through the code, it looks like initiate_auth_code_flow would be the place to add/support this parameter?
