diff --git a/internal/controller/oidc_controller.go b/internal/controller/oidc_controller.go
index 116eac1d..c51e07ab 100644
--- a/internal/controller/oidc_controller.go
+++ b/internal/controller/oidc_controller.go
@@ -115,13 +115,13 @@ func (controller *OIDCController) authorize(c *gin.Context) {
 return
 }
- var req service.AuthorizeRequest
- reqQueries := c.Request.URL.Query()
- if reqQueries.Get("request") != "" {
- requestObject, err := controller.oidc.DecodeAuthorizeJWT(reqQueries.Get("request"))
+ var req service.AuthorizeRequest
+ // step 1: if we have a request object, decode it and ignore other params. If not, bind the params as usual
+ if raw := reqQueries.Get("request"); raw != "" {
+ requestObject, err := controller.oidc.DecodeAuthorizeJWT(raw)
 if err != nil {
 controller.authorizeError(c, authorizeErrorParams{
 err: err,
@@ -130,23 +130,22 @@ func (controller *OIDCController) authorize(c *gin.Context) {
 })
 return
 }
- req = *requestObject
 } else {
- var queryReq service.AuthorizeRequest
-
- err := c.ShouldBindWith(&queryReq, binding.Query)
-
- if err != nil {
+ // step 2: by default we assume normal GET query parameters
+ bind := binding.Query
+ // step 3: if it's a POST request, we try form parameters
+ if c.Request.Method == http.MethodPost {
+ bind = binding.Form
+ }
+ if err := c.ShouldBindWith(&req, bind); err != nil {
 controller.authorizeError(c, authorizeErrorParams{
 err: err,
- reason: "Failed to bind query parameters",
- reasonPublic: "The client provided invalid query parameters",
+ reason: "Failed to bind request parameters",
+ reasonPublic: "The client provided invalid parameters",
 })
 return
 }
-
- req = queryReq
 }
 client, ok := controller.oidc.GetClient(req.ClientID)
diff --git a/internal/service/oidc_service.go b/internal/service/oidc_service.go
index ab071fc1..cafb59d1 100644
--- a/internal/service/oidc_service.go
+++ b/internal/service/oidc_service.go
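Review bot: The new `if raw := reqQueries.Get("request"); raw != ""` still reads `reqQueries`, yet this hunk removes the only visible declaration `reqQueries := c.Request.URL.Query()` and adds no replacement; unless it is now declared earlier in authorize (above the hunk, not shown), the file does not compile. Even if it is, the request object is only looked up in the URL query, while the new POST branch binds form fields, so a `request` parameter sent in a POST body is silently ignored and the remaining form fields are bound as a plain request instead of the signed one. If the request object is meant to be accepted on either transport, read it with `if raw := c.Request.FormValue("request"); raw != "" {`, which covers both the query string and a parsed POST form. authorize begins before this hunk.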
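Review bot: After a successful `DecodeAuthorizeJWT` the decoded `requestObject` is never copied into `req`: this hunk removes `req = *requestObject` without a replacement, so the request-object path reaches `GetClient(req.ClientID)` with a zero-value request, and Go would reject `requestObject` as declared and not used, unless an assignment was lost from this listing. Restore `req = *requestObject` directly after the `return` of the error check. Relatedly, the oidc_service.go hunk drops `binding:"required"` from Scope, ResponseType, ClientID and RedirectURI, so `c.ShouldBindWith(&req, bind)` no longer rejects a request that omits any of them and the "invalid parameters" error branch stops covering that case. If the tags were removed so one struct can serve both the JWT and the bound path, add an explicit presence check below the if/else and before `GetClient`, e.g. `if req.ClientID == "" || req.RedirectURI == "" || req.ResponseType == "" || req.Scope == "" { controller.authorizeError(c, authorizeErrorParams{reason: "Missing required authorize parameters", reasonPublic: "The client omitted a required parameter"}); return }`. The client and redirect_uri validation that follows `GetClient` is outside this hunk.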
@@ -108,10 +108,10 @@ type TokenResponse struct {
 type AuthorizeRequest struct {
 jwt.Claims
- Scope string `form:"scope" binding:"required" json:"scope" url:"scope"`
- ResponseType string `form:"response_type" binding:"required" json:"response_type" url:"response_type"`
- ClientID string `form:"client_id" binding:"required" json:"client_id" url:"client_id"`
- RedirectURI string `form:"redirect_uri" binding:"required" json:"redirect_uri" url:"redirect_uri"`
+ Scope string `form:"scope" json:"scope" url:"scope"`
+ ResponseType string `form:"response_type" json:"response_type" url:"response_type"`
+ ClientID string `form:"client_id" json:"client_id" url:"client_id"`
+ RedirectURI string `form:"redirect_uri" json:"redirect_uri" url:"redirect_uri"`
 State string `form:"state" json:"state" url:"state"`
 Nonce string `form:"nonce" json:"nonce" url:"nonce"`
 CodeChallenge string `form:"code_challenge" json:"code_challenge" url:"code_challenge"`