Get URL parameters after the '#' character

  
Hi,
 
I am creating an application to integrate with Facebook using OAuth. First, I am asking the user to grant permission to access his private information.
 
I am using the following URL to redirect the user:
 
"http://www.facebook.com/dialog/oauth/?scope=publish_stream,offline_access&client_id="+Site.FacebookAppId+"&redirect_uri=http://"+GetServerName()+"/"+Site.ApplicationName+"/FacebookOAuth.aspx?UserMaster="+GetUserMasterById.List.Current.USER_DATA.Id+"&response_type=code_and_token"
 
After the user clicks the "allow" button, they are redirected to the URL specified in the redirect_uri parameter.
 
So the user is redirected to:
 
"http://"+GetServerName()+"/"+Site.ApplicationName+"/FacebookOAuth.aspx?UserMaster="+GetUserMasterById.List.Current.USER_DATA.Id+"#access_token=(Private Information)&expires_in=0&code=(Private Information)
 
I have tried using the GetRequestContent from the HTTPRequestHandler extension to get the information after the '#' character but with no success. 
 
The result of the GetRequestContent action is the following:
 
GET /Site.ApplicationName/FacebookOAuth.aspx?UserMaster=8 HTTP/1.1
 
Cache-Control: max-age=0
Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: pt-PT,pt;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: ASP.NET_SessionId=vz2i3mike3qkzg55gdxa3k45; ECT_notClickedFeedback=,28,; EnterpriseManager=07-02-2011 09:35:5019689142580; EPATaskbox.19=0,,NaN,NaN
Host: GetServerName()
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
OS-Host: GetServerName()
OS-Path: Site.ApplicationName
OS-Page: /FacebookOAuth.aspx?UserMaster=8

Does anyone know how to get all the information after the '#' character?
 
Best Regards, 
 
Diogo Proença


Hello, Diogo.

Maybe I'm missing the point here, but since you define the return URL, why are you placing a "#" character? Can't you use the standard "&"?
I believe that it is an illegal URL character and that is why the rest of the GET is ignored.

Hope this helps,
Pedro Magalhães

Hi Diogo,

The first hash character (#) splits the URL from the part that is used to make the request to the server and the part that's used by the browser to correctly position the viewport. For instance, if your site contains an anchor at the bottom of a page called "bottom" (like <a name="bottom" />), the browser won't pass the hash to the server, but will use it to scroll down the page as soon as it's loaded.

Since it stays on the browser's side, the only way to obtain the access token is by providing the Facebook OAuth API with a redirect_uri that points to a page with a script that is capable of doing meaningful things with the token. One possible option is sending it to the server. One such script could be:

var token = null;
// this is the hash parameter name as per http://developers.facebook.com/docs/reference/dialogs/oauth/
var parameter_name = 'access_token=';
// indexOf returns -1 (which is truthy) when the parameter is absent, so compare explicitly
if (location.hash.indexOf(parameter_name) >= 0) {
  // we have a token
  // start by filtering the token
  token = location.hash.substring(location.hash.indexOf(parameter_name) + parameter_name.length);
  // cut extra parameters (eg: expire time, etc)
  if (token.indexOf('&') >= 0) token = token.substring(0, token.indexOf('&'));
  // redirect to page providing token as GET parameter
  location.href = "/eSpaceName/RegisterToken?authtoken=" + token;
} else {
  // do some error handling here
}


This script is untested but I think you can get the idea.

Best regards,

Miguel
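
An added example, not part of Miguel's post or of any project's code: a variant of the redirect_uri page script that parses the whole fragment, removes it from the address bar, and sends the token in a POST body instead of a query string, which would end up in server access logs and browser history. It assumes /eSpaceName/RegisterToken accepts a form-encoded POST field named authtoken; the function names are hypothetical.

```javascript
// Added example. REGISTER_URL reuses the path from the post above; that the
// endpoint accepts a form-encoded POST field "authtoken" is an assumption.
const REGISTER_URL = '/eSpaceName/RegisterToken';

// Parse "#access_token=...&expires_in=...&code=..." into an object.
// Returns null when the fragment carries no access_token.
function parseOAuthFragment(hash) {
  const params = new URLSearchParams(String(hash || '').replace(/^#/, ''));
  const accessToken = params.get('access_token');
  if (!accessToken) return null;
  const expires = params.get('expires_in');
  return {
    accessToken,
    expiresIn: expires === null ? null : Number(expires),
    code: params.get('code'),
  };
}

// Build fetch() options that carry the token in the request body, so it does
// not appear in the request line, access logs or Referer headers.
function buildRegisterRequest(parsed) {
  return {
    method: 'POST',
    credentials: 'same-origin',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ authtoken: parsed.accessToken }).toString(),
  };
}

// Run on the redirect_uri page. `win` is the browser window (injectable for tests).
async function handleOAuthRedirect(win) {
  const parsed = parseOAuthFragment(win.location.hash);
  // Remove the fragment from the address bar and history entry right away.
  win.history.replaceState(null, '', win.location.pathname + win.location.search);
  if (!parsed) return false; // user denied access or the page was opened directly
  const response = await win.fetch(REGISTER_URL, buildRegisterRequest(parsed));
  return response.ok;
}

if (typeof window !== 'undefined') {
  handleOAuthRedirect(window).catch(() => { /* show an error to the user */ });
}
```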

Hi Diogo,

First question: Why do you have a #access_token instead of &access_token on the URL of the second redirect step of your authentication process?
Does Facebook send this parameter with the # char?

Regards,
Rafael Pereira

Hi Rafael,

The hash (#) is appended by Facebook's OAuth provider to the follow-up redirection URL. This is performed on Facebook's side, so the only way of working around it is to have a script in the provided destination page that expects the hash, converts it into something else and does a follow-up request.

There's more information on this topic in the Facebook OAuth Dialog reference.

Cheers,

Miguel

Hi Miguel,

Thanks for the explanation!

Regards,
Rafael Pereira