Parse url hash fragment in express application

I am writing an Express application, and I have to authenticate the user using the OAuth 2.0 flow. I have successfully redirected the user to the OAuth provider, and the provider sends the access token in the OAuth callback. Something like

http://localhost:4000/oauth/callback#access_token=<token>

Now I have an Express route handler like

app.get('/oauth/callback', function(req, res, next) {
});

I know that the hash fragment is not passed to the server, but this is an OAuth callback.

How can I get the URL hash fragment in the route handler?

Syed asked Oct 23 '25 15:10


1 Answer

The URL contains the access_token parameter. It implies you have used Implicit Flow. In Implicit Flow, parameters must be embedded in the fragment part. The behavior is NOT a bug of the OAuth server.

If you want to receive parameters via the query part, you have to use Authorization Code Flow.

In addition, if the OAuth server supports OAuth 2.0 Form Post Response Mode, your redirect endpoint can receive data as a POST request by adding response_mode=form_post to your authorization request. The specification is similar to the idea described by trodrigues.

The table below shows the relationship between "response_type/response_mode" and "HTTP status/data position".

[Image: table of "response_type/response_mode" versus "HTTP status/data position"]

See "Response Format" in Authlete's Definitive Guide for details about the response format of the authorization endpoint.

Takahiko Kawasaki answered Oct 26 '25 06:10
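The two server-visible options named in the answer above, Authorization Code Flow (parameters in the query string) and response_mode=form_post (parameters in a POST body), handled by one Express-style callback. This is an added example, not code from the original post; the session layout (req.session.oauthState) and the exchangeCode() helper are assumptions.

```javascript
// Added example. Assumptions (not from the post): session middleware fills
// req.session, the authorization request stored a random value in
// req.session.oauthState, and exchangeCode() is a hypothetical helper that
// calls the provider's token endpoint.

// Authorization Code Flow delivers parameters in the query string (GET);
// response_mode=form_post delivers them in a urlencoded body (POST).
function readAuthorizationResponse(req) {
  const params = (req.method === 'POST' ? req.body : req.query) || {};
  // Accept plain strings only: repeated parameters parse to arrays.
  const pick = (k) => (typeof params[k] === 'string' ? params[k] : undefined);
  return { code: pick('code'), state: pick('state'), error: pick('error') };
}

// Decide what to do with a callback before any token exchange happens.
function validateCallback(req) {
  const { code, state, error } = readAuthorizationResponse(req);
  const session = req.session || {};
  const expected = session.oauthState;
  delete session.oauthState; // state is single-use
  if (!expected || state !== expected) {
    return { ok: false, status: 400, reason: 'state mismatch' };
  }
  if (error) return { ok: false, status: 400, reason: 'provider returned an error' };
  if (!code) return { ok: false, status: 400, reason: 'missing code' };
  return { ok: true, code };
}

function makeCallbackHandler(exchangeCode) {
  return async function oauthCallback(req, res, next) {
    const result = validateCallback(req);
    if (!result.ok) return res.status(result.status).type('text').send(result.reason);
    try {
      req.session.tokens = await exchangeCode(result.code); // server-to-server call
      res.redirect('/');
    } catch (err) {
      next(err);
    }
  };
}

// Wiring (commented out so the file runs without Express installed):
// app.get('/oauth/callback', makeCallbackHandler(exchangeCode));
// app.post('/oauth/callback', express.urlencoded({ extended: false }),
//          makeCallbackHandler(exchangeCode));
```

With form_post the browser reaches the callback through a cross-site POST, so a session cookie set with SameSite=Lax or Strict is not sent and the state check fails; the cookie that carries the state needs SameSite=None; Secure for that mode.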