[keycloak-user] Potential Vulnerability on Login-action endpoint

Hi, Web security scanner found that Keycloak Admin console is using GET with login-actions endpoint. It points out that several parameters is visible in url which can be sensitive. E.g. execution_session_code, client_id. Scanner recommends not to use GET for sensitive parameters. Or even better not accepting GET parameters for the endpoint at all. Are the parameters for login-actions really sensitive? What are reason that this endpoint allows both GET and POST form? Moe Doutaghy