SSO Callback query starting with '#' instead of '?'


(Nexuscrawler) #1

The URL for logging in users I am currently using for testing purposes is https://login.eveonline.com/oauth/authorize/?response_type=token&redirect_uri=https://127.0.0.1:3000/callback/&client_id=d6f4e24a6f434544828a2d57e80aa651&state=login

The response URL I am getting after logging in is https://127.0.0.1:3000/callback/#access_token=token&token_type=Bearer&expires_in=1199&state=login

Is there any specific reason why the response URL has it’s query parameters starting with a hash (#) instead of a question mark (?)? This is kind of annoying because now I have to parse the URL myself because NodeJS can’t figure out where the query starts.


(EveDataRules) #2

You are using implicit flow. Use online flow instead.


(EveDataRules) #3

PS, don’t post access tokens publicly. Anyone can use them.


(Christy Cloud) #4

Just stopping by to laugh, and reinforce the above. Leaking your own token is no bueno.


(Blacksmoke16) #5

EDIT: Yea you are requesting token not code


(Steve Ronuken) #6

The implicit flow does them with a #, so it doesn’t actually hit any log files.


(Nexuscrawler) #7

Understood, thank you. I am aware of the tokens, but they are only valid for 30 minutes and do not grant access to anything.

I am using the implicit flow to generate a session without any actual scopes. Should I use the online flow without requesting any scopes instead?

EDIT: Figured it out, sorry.


(Steve Ronuken) #8

They can grant with scopes. so they’re important.


(system) #9

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.