Skip to Content (Press Enter)
UserImage.jpg
Diogo Alexandre Breites de Campos Proença
46Views
5Comments
Get URL parameters after the '#' character
Question
Hi,
 
I am creating an application to integrate with facebook using oauth. First, i am asking the user to grant permission to access his private information.
 
I am using the following  URL to redirect the user:
 
"https://www.facebook.com/dialog/oauth/?scope=publish_stream,offline_access&client_id="+Site.FacebookAppId+"&redirect_uri=https://"+GetServerName()+"/"+Site.ApplicationName+"/FacebookOAuth.aspx?UserMaster="+GetUserMasterById.List.Current.USER_DATA.Id+"&response_type=code_and_token"
 
After the user click the "allow" button it is redirected to the URL specified in the redirect_uri parameter.
 
So the user is redirected to:
 
"https://"+GetServerName()+"/"+Site.ApplicationName+"/FacebookOAuth.aspx?UserMaster="+GetUserMasterById.List.Current.USER_DATA.Id+"#access_token=(Private Information)&expires_in=0&code=(Private Information)
 
I have tried using the GetRequestContent from the HTTPRequestHandler extension to get the information after the '#' character but with no success. 
 
The result of the GetRequestContent action is the following:
 
GET /Site.ApplicationName/FacebookOAuth.aspx?UserMaster=8 HTTP/1.1
 
Cache-Control: max-age=0
Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: pt-PT,pt;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: ASP.NET_SessionId=vz2i3mike3qkzg55gdxa3k45; ECT_notClickedFeedback=,28,; EnterpriseManager=07-02-2011 09:35:5019689142580; EPATaskbox.19=0,,NaN,NaN
Host: GetServerName() User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
OS-Host: GetServerName() OS-Path: Site.ApplicationName OS-Page: /FacebookOAuth.aspx?UserMaster=8

Anyone knows how to get the all the information after the '#' character? 
 
Best Regards, 
 
Diogo Proença
0
0
07 Feb 2011
Copy Link
UserImage.jpg
Pedro Magalhães
Hello, Diogo.

Maybe I'm missing the point here, but since you define the return URL, why are you placing a "#" character? Can't you use the standard "&"?
I believe that it is an illegal URL character and that is why the rest of the GET is ignored.

Hope this helps,
Pedro Magalhães
0
0
07 Feb 2011
Copy Link
2011-06-15 10-50-19
Miguel Ventura
Staff
Hi Diogo,

The first hash character (#) splits the URL from the part that is used to make the request to the server and the part that's used by the browser to correctly position the viewport. For instance, if your site contains an anchor at the bottom of a page called "bottom" (like <a name="bottom" />), the browser won't pass the hash to the server, but will use it to scroll down the page as soon as it's loaded.

Since it stays in the browser's side, the only way to obtain the access token is by providing facebook oauth API with a redirect_url that points to a page with a script that is capable of doing meaningful things with the token. One possible option is sending it to the server. One such script could be:

var token = null;

// this is the hash parameter name as per https://developers.facebook.com/docs/reference/dialogs/oauth/

var parameter_name = 'access_token='

if (location.hash.indexOf(parameter_name) {

  // we have a token

  // start by filtering the token

  token = location.hash.substring(location.hash.indexOf(parameter_name)+parameter_name.length);

  // cut extra parameters (eg: expire time, etc)

  if (token.indexOf('&') >= 0) token = token.substring(0, token.indexOf('&'));

  // redirect to page providing token as GET parameter

  location.href = "/eSpaceName/RegisterToken?authtoken=" + token;

} else {

  // do some error handling here

}

This script is untested but I think you can get the idea.

Best regards,

Miguel
0
0
08 Feb 2011
Copy Link
2019-08-20 01-57-17
RafaOutSystems
 
MVP
Hi Diogo,

First question: Why do you have a #access_token instead of &access_token on URL of second redirect step of your authentication process?
Facebook send this parameter with the # char? 

Regards,
Rafael Pereira

0
0
08 Feb 2011
Copy Link
2011-06-15 10-50-19
Miguel Ventura
Staff
Hi Rafael,

The hash (#) is appended by Facebook's OAuth provider to the follow-up redirection URL. This is performed on Facebook's side, so the only way of working around it is to have a script in the provided destination page that expects the hash, converts it into something else and does a follow-up request.

There's more information on this topic in Facebook OAuth Dialog reference.

Cheers,

Miguel
2
0
09 Feb 2011
Copy Link
2019-08-20 01-57-17
RafaOutSystems
 
MVP
Hi Miguel,

Tks for the explanation!

Regards,
Rafael Pereira
0
0
09 Feb 2011
Copy Link
Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.