auth0 / auth0.js

Auth0 headless browser sdk
MIT License

Parse hash problems with @angular/router 5.2.8 #703

Closed jacintoArias closed 6 years ago

jacintoArias commented 6 years ago

Hi all,

I am working on an Angular project, and auth0js stopped parsing the callback hash with the tokens after upgrading the project to Angular version 5.2.8.

I am using auth0-js@9.3.3 and I've tracked down the error to find an incompatibility with @angular/router@5.2.8; previous versions of the mentioned package work fine.

It seems that the new version of Angular router is somehow sanitizing the content of the hash fragment in the URL.

There you have some errors (tokens have been abbreviated):

http://localhost:4200/callback#access_token=6(...)C&expires_in=7200&token_type=Bearer&state=y(...)0&id_token=e(...)w
http://localhost:4200/callback#access_token%3D(...)G%26expires_in%3D(...)%26token_type%3DBearer%26state%3Dnd.GKlqxOSTwNbppTt_Ck4Sqlyrjtc-2%26id_token%3De(...)w

This might be related to angular/angular#22337

I don't know if this Angular behaviour is going to be permanent; if so, the hash fragment should be processed before parsing it with qs.

If Angular were to change this, please notify your users of this bug, as the actual quickstart replicates this (and took me some time to realise).
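The pre-processing step suggested in the post above, as an added example that is not part of the original thread and is not auth0.js code: it removes one layer of percent-encoding only when the separators themselves were encoded, then checks `state` before returning anything. The function names and sample fragments are constructed, and `URLSearchParams` stands in for qs.

```javascript
// Added example: normalise an OAuth callback fragment before parsing it.
// Function names and sample values are constructed for illustration.

// Returns the fragment with one layer of percent-encoding removed, but only
// when the separators themselves were encoded (no raw '=' is left in it).
// A fragment that already has raw separators is never decoded, so values
// that legitimately contain escapes such as %26 are not split apart.
function normalizeFragment(hash) {
  const fragment = hash.replace(/^#/, '');
  const separatorsEncoded = !fragment.includes('=') && /%3D/i.test(fragment);
  if (!separatorsEncoded) return fragment;
  try {
    return decodeURIComponent(fragment);
  } catch (e) {
    return fragment; // malformed escape sequence: leave it untouched
  }
}

// Parses the fragment and rejects it unless it carries a token and the state
// matches the value the application stored before redirecting the user.
function parseCallbackHash(hash, expectedState) {
  const params = new URLSearchParams(normalizeFragment(hash));
  const result = Object.fromEntries(params);
  if (!result.access_token && !result.id_token) {
    return { error: 'no_tokens' };
  }
  if (result.state !== expectedState) {
    return { error: 'state_mismatch' };
  }
  return result;
}

// Constructed sample fragments (placeholder tokens, not real values):
// the first as the authorization server sends it, the second as it looks
// after the router has percent-encoded '=' and '&'.
const plain =
  '#access_token=AT123&expires_in=7200&token_type=Bearer&state=st.ate-1&id_token=ID456';
const encoded =
  '#access_token%3DAT123%26expires_in%3D7200%26token_type%3DBearer' +
  '%26state%3Dst.ate-1%26id_token%3DID456';

console.log(parseCallbackHash(plain, 'st.ate-1'));
console.log(parseCallbackHash(encoded, 'st.ate-1'));
```

Decoding is conditional and happens at most once, so a fragment that arrives intact is parsed exactly as before and a value is never decoded twice.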

luisrudge commented 6 years ago

This was already fixed in https://github.com/angular/angular/pull/22687. Angular users should wait for the 5.2.9 release. Let's hope they release a patch fix soon.

jasonaden commented 6 years ago

@luisrudge Good to have this verified as fixed. The patch will be released Wednesday.