Request URL with # instead of ?

Request URL with # instead of ?



We are doing an integration with Auth0 (

In order to an application user can authenticate, Auth0 will send an access_token to a callback page developed by us.

The problem is that the request they are sending, have a # symbol instead the ?



Because of this URL format, the page input parameter 'access_token' allways shows empty.

Basically, outsystems is ignoring all caracteres next to the # char (included).

Is there a way to get all the url in preparation so we can substring the access_token?

We tryed to use GetRequestContent (with IncludeHeader as True) from HTTPRequestHandler extension with no success.

Note: We also tested the GetRawURL, GetReferrerURL, GetURL, GetURLWithSession, GetBookmarkableURL, but none of those shows the complete orinal invocation request url.

Any clue?

We discovered this "# thing" using chrome inspect (network). Image in attach.

best regards


Hi Gonçalo,

A quick Google turns up things like this, which explains that by definition (and intent), the # part ("fragment") is processed by the browser only, and is not send to the server, so it makes sense you don't get it there. So it seems the only way to retrieve it, is to do something client-side.

Hi Gonçalo,

I don´t know the auth0, but I have an idea and let me try to suggest you a possible workaround. 

How did you define the callback url for this api? To reach this url https://[server]/Auth0Login/LoginCallback.aspx#access_token=xxxxxxxxx , maybe you configure the callback to send message to https://[server]/Auth0Login/LoginCallback.aspx,

Did you already try to put for instance: https://[server]/Auth0Login/LoginCallback.aspx?params=  in the callback configuration of auth0?  If they only concatenate the return of that, probably you will have : 


and it will be easier to get the parameters . 


Like the URL I supplied in my previous post states, as soons as the browser encounters a hash symbol, it stops parsing the information for sending to the server. Your URL will result in "https://[server]/Auth0Login/LoginCallback.aspx?params=" being sent to the server.

Hi Goncalo

What API are you using? It seems that the redirect page URL has to be built by Auth0. The provide a function to do so on their JS API over here. I am guessing they send the access_token only client side because it's not meant to be stored and reused by you, rather than by the API


   Carlos Lopez

Edit: Added 'URL'