OAuth authorization callback is not working where there is a # in the URL

I am not sure if this is the right place for this, but the OAuth authorization callback is not working where there is a # in the URL.

Here is the callback URL:
[Screenshot: Screen Shot 2021-05-19 at 10.00.03 AM]

which returns something like this. You can see the code query string showing before the path when there is a # in the path.

http://localhost:9000/?code=CODE_FROM_GITHUB_SERVER#/signin

:wave: Welcome!

I think in this case we are parsing the hash mark (#) as a fragment identifier.

The fragment identifier introduced by a hash mark # is the optional last part of a URL for a document. It is typically used to identify a portion of that document (to scroll to a specific element id).

We rebuild the URI in accordance with RFC3986, where section 3 of RFC3986 indicates the fragment must be at the end of the URI:

The generic URI syntax consists of a hierarchical sequence of
components referred to as the scheme, authority, path, query, and
fragment.

 URI  = scheme ":" hier-part [ "?" query ] [ "#" fragment ]

Ref: https://tools.ietf.org/html/rfc3986

So in this case we are rebuilding the URI, after adding the query parameter code and moving the fragment identifier to the end of the URI.

If that URL is not configurable in your app, you may have to find a way to set up an HTML redirect to this URL from one that doesn’t have a # character - so that we’re not adding the token in the middle.

1 Like
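
The rebuild described in the reply above, and one way a hash-routed client can consume the result, as an added example that is not part of the original thread and not GitHub's code. The function names, the `state` value and its check are assumptions for illustration; the URL and code placeholder are the ones from the question.

```javascript
// Added example; function names are hypothetical.

// Server side of the redirect: add the authorization parameters to the
// registered callback URL. The WHATWG URL parser follows the RFC 3986
// component order, so the query is serialized before the fragment.
function appendAuthParams(callbackUrl, params) {
  const url = new URL(callbackUrl);
  for (const [name, value] of Object.entries(params)) {
    url.searchParams.set(name, value);
  }
  return url.toString();
}

// Client side of a hash-routed app: the code is in the query component,
// not inside the "#/signin" route, so read it from there. The state
// comparison is an assumed CSRF check, not something the thread covers.
function readCallback(href, expectedState) {
  const url = new URL(href);
  const route = url.hash.slice(1); // "/signin"
  const code = url.searchParams.get("code");
  if (code === null) {
    return { code: null, route, cleanUrl: url.toString() };
  }
  if (url.searchParams.get("state") !== expectedState) {
    throw new Error("state mismatch: discard this callback");
  }
  // Strip the one-time code so it does not stay in the address bar or
  // history. In a browser, apply it with:
  //   history.replaceState(null, "", cleanUrl)
  url.searchParams.delete("code");
  url.searchParams.delete("state");
  return { code, route, cleanUrl: url.toString() };
}

// Constructed sample input based on the URL in the question.
const redirected = appendAuthParams("http://localhost:9000/#/signin", {
  code: "CODE_FROM_GITHUB_SERVER",
  state: "constructed-state-value",
});
console.log(redirected);
console.log(readCallback(redirected, "constructed-state-value"));
```
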