It's a trap

Reputation: 1353

Problems with Azure AD response with OAuth implicit flow

I tried to follow the OAuth implicit flow as mentioned in this doc and it works fine.

But when I changed the response_type to 'token', Azure AD redirects back to https://example.com/#access_token=ey... instead of https://example.com/?access_token=ey...

Difference is the # instead of ?. This is a problem as we are not able to fetch the parameter using

Request.Params.Get("access_token"); // this is always null

How to fetch the access token from the url?

Upvotes: 1

Views: 281

Answers (1)

evilSnobu

Reputation: 26324

It's a trap!

You can't do it in the backend.

That's the whole point of it being a fragment rather than a parameter - only the user agent can extract it. Use adal.js or manually extract it in JavaScript and place it in local/session storage.

Follow the samples in azure-activedirectory-library-for-js and look at this method.

Upvotes: 2
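
The manual JavaScript extraction the answer describes, as an added example that is not part of the original answer and is not adal.js code. The function name `parseImplicitResponse`, the storage keys `oauth_state` and `access_token`, and the sample values are assumptions; it also assumes the authorization request carried a `state` value that the page saved before redirecting.

```javascript
// Added example: parse the fragment of an implicit-flow redirect in the browser.
// The fragment is never sent to the server, so this has to run client-side.
function parseImplicitResponse(redirectUrl, expectedState) {
  const hash = new URL(redirectUrl).hash; // "#access_token=...&state=..."
  if (!hash || hash.length < 2) {
    return { ok: false, error: 'no_fragment' };
  }
  const params = new URLSearchParams(hash.slice(1));
  // The authorization server reports failures in the fragment as well.
  if (params.has('error')) {
    return { ok: false, error: params.get('error'),
             description: params.get('error_description') };
  }
  // state ties this response to the request this page started.
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, error: 'state_mismatch' };
  }
  const token = params.get('access_token');
  if (!token) {
    return { ok: false, error: 'no_access_token' };
  }
  return { ok: true, accessToken: token,
           tokenType: params.get('token_type'),
           expiresIn: Number(params.get('expires_in')) };
}

// Browser wiring (skipped when no window object exists, e.g. under Node).
if (typeof window !== 'undefined' && window.location.hash) {
  // 'oauth_state' is a hypothetical key written before the redirect.
  const expected = sessionStorage.getItem('oauth_state');
  const result = parseImplicitResponse(window.location.href, expected);
  sessionStorage.removeItem('oauth_state');
  if (result.ok) {
    sessionStorage.setItem('access_token', result.accessToken);
  }
  // Drop the fragment so the token does not stay in the address bar.
  history.replaceState(null, '', window.location.pathname + window.location.search);
}
```

Any script running on the page can read session storage, so the stored token is only as safe as the page's defences against script injection.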
