2

In my Spring Boot/OAuth2 application I'm trying to login user via my own OAuth2 server with implicit flow with a following url:

http://example.com/api/oauth/authorize?response_type=token&client_id=example_client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin

after login it redirects the user to the following url:

http://localhost:8080/login#access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoyOTcsInVzZXJfbmFtZSI6ImFkbWluIiwic2NvcGUiOlsicmVh&token_type=bearer&expires_in=43199&scope=read%20write&user_id=297&jti=9d416117-0d08-4f4e-874d-3f31dbe7815f

Is it a correct behavior that the user was redirected to the url with # symbol instead of ?.. I mean:

http://localhost:8080/login?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoyOTcsInVzZXJfbmFtZSI6ImFkbWluIiwic2NvcGUiOlsicmVh&token_type=bearer&expires_in=43199&scope=read%20write&user_id=297&jti=9d416117-0d08-4f4e-874d-3f31dbe7815f

if no - how to set up my Spring application OAuth2 server in order to redirect user to a correct url ?

Improve this question

1 Answer 1

Reset to default
7

The behavior is correct. The authorization code flow requires that response parameters be embedded in the query part of a redirect URI (RFC 6749, 4.1.2. Authorization Response) while the implicit flow requires that response parameters be embedded in the fragment part (RFC 6749, 4.2.2. Access Token Response).

OAuth 2.0 Multiple Response Type Encoding Practices has defined a new request parameter, response_mode. The parameter specifies where response parameters should be embedded. In the specification, query, fragment and none are defined. In addition, OAuth 2.0 Form Post Response Mode has added form_post as a value of response_mode. If response_mode=form_post is included in an authorization request, response parameters are embedded as HTML form parameters.

You can find a table describing the relationship between response_type/response_mode combinations and HTTP status/response parameters' location in "2. Response Format" in Authlete's Definitive Guide.

enter image description here

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.