Twitch should use POST when redirecting back from login

That is correct, but why Twitch would not rather to put it inside the body? that just adds another layer of security