Parsing URL value after '#' in a URL

Question

I'm trying to do a very simple sign on using Microsoft Live Connect, but I'm having problems parsing the returning token. I call this URL:

https://login.live.com/oauth20_authorize.srf?client_id=MY_CLIENT_ID&scope=wl.skydrive_update&response_type=token&redirect_uri=http%3A%2F%2FMY_SITE.com%2Fcallback.php

It takes me to the Microsoft server, logs me in, confirms permissions, and then loads the callback URL correctly, looking like this:

http://MY_SITE.com/callback.php#access_token=LOTS_OF_STUFF&authentication_token=MORE_STUFF&token_type=bearer&expires_in=3600&scope=wl.skydrive_update

Now the question is how do I get these tokens? How am I supposed to parse that? They use a '#' instead of '?'.. so $_GET is empty, $_POST is empty, and $_SERVER['REQUEST_URI'] doesn't show anything.

Answer 1

That's unfortunate that they return with a hash character which is meant to be handled in the client side. If you really need to parse the values using your server-side script (PHP), you can redirect again using JavaScript. You can try to add a JavaScript code like:

  window.onload = function() {
    // redirect if hash is detected
    if(window.location.hash)
    {
      var redirect_hash = window.location.hash.replace('#', '?');
      var redirect_location = 'http://' + document.domain + redirect_uri;
      window.location = redirect_location;      
    }
  }

Then the query string values can be parsed upon redirection.

Answer 2

Normally Browsers doesnt send the values after the hash sign to the server. You can process them with JavaScript on the Client side. See: Why the hash part of the URL is not in the server side?