(ASP.Net) google oauth2 returning token after hash instead of in a querystring

Question

I have a project that requires an ASP.Net app to use google credentials and so authorization is in oauth 2.0.

I have formed a valid request for authorization to google's APIs, but the response (and the token with it) is returned after a hash character '#'. Kinda like:

[sample http link:] myredirecturi.com/oauthcallback#token=thetokenvalue...

What I was expecting was it was in the format of a querystring, i.e., after a question mark '?':

[sample http link:] myredirecturi.com/oauthcallback?token=thetokenvalue...

The reason I am having problems with this is I can't reference the token in server-side ASP.net.

To call this request, basically what I am doing is doing a Response.redirect to google's url, but it seems to think I need a client-side response to it.

So, my question is, how do I make google respond in a querystring?

If it helps, this is what I'm basing most of my work on: https://developers.google.com/accounts/docs/OAuth2Login

Thanks.

Answer 1

In your auth request URL, are you setting response_type=token? That would cause the server to return an access token in the fragment. This is the Client-side flow described here: https://developers.google.com/accounts/docs/OAuth2UserAgent

If you're performing OAuth in a web server (and it sounds like you are), you should use the Web server flow described here: https://developers.google.com/accounts/docs/OAuth2WebServer -- you specify response_type=code which will result in an authorization code that you can exchange for a refresh token and access token in a subsequent request.