bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License
3.26k stars 950 forks

Fix buildUri for URIs with fragments #857

Closed mneumueller closed 7 years ago

mneumueller commented 7 years ago

Output the query part after the fragment part, otherwise redirect URIs with a fragment don't work.

Example:
Given Redirect URI: https://www.example.com/#/oauth2
Result of buildUri before change: https://www.example.com/?code=2sadkfa3378dsadj&state=1#/oauth2
Result after change: https://www.example.com/#/oauth2?code=2sadkfa3378dsadj&state=1

danopz commented 7 years ago

This is application specific. The fragment MUST be the last part of the URI and the query part is before that. You try to add the query part inside of the fragment part - all after # is fragment - which results in a URI without query params. So how are we able to get https://www.example.com/?code=2sadkfa3378dsadj&state=1#/oauth2?

Spomky commented 7 years ago

Further to the answer provided by @danopz, and as per RFC 6749 section 3.1.2, the redirection URI must not contain a fragment parameter. The given redirect URI (https://www.example.com/#/oauth2) should be rejected by the server.
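
The check described in the two replies above, as an added example that is not part of this thread and not code from oauth2-server-php: a redirect URI carrying a fragment is rejected up front, and the authorization response parameters are appended to the query component while any existing query is retained. The function names `assertValidRedirectUri` and `appendAuthorizationResponse` and the sample values are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not the library's API.

/**
 * Enforce the RFC 6749 section 3.1.2 constraints discussed above:
 * the redirect URI must be absolute and must not include a fragment.
 */
function assertValidRedirectUri(string $uri): void
{
    $parts = parse_url($uri);
    if ($parts === false || empty($parts['scheme'])) {
        throw new InvalidArgumentException('redirect_uri must be an absolute URI');
    }
    // Check the raw string as well, so an empty fragment ("https://a/#")
    // is caught regardless of how parse_url() reports it.
    if (isset($parts['fragment']) || strpos($uri, '#') !== false) {
        throw new InvalidArgumentException('redirect_uri must not contain a fragment');
    }
}

/**
 * Append authorization response parameters to the query component.
 * An existing query string is kept verbatim and extended, never replaced.
 */
function appendAuthorizationResponse(string $redirectUri, array $params): string
{
    assertValidRedirectUri($redirectUri);

    // No fragment can be present here, so everything after "?" is query.
    [$base, $query] = array_pad(explode('?', $redirectUri, 2), 2, '');
    $added = http_build_query($params, '', '&', PHP_QUERY_RFC3986);

    $combined = implode('&', array_filter([$query, $added], 'strlen'));
    return $combined === '' ? $base : $base . '?' . $combined;
}

// Constructed sample inputs: one valid URI with an existing query,
// and the fragment-bearing URI from this thread.
$samples = ['https://www.example.com/cb?tenant=a', 'https://www.example.com/#/oauth2'];
foreach ($samples as $uri) {
    try {
        $params = ['code' => 'CONSTRUCTED_CODE', 'state' => '1'];
        echo appendAuthorizationResponse($uri, $params), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "rejected {$uri}: {$e->getMessage()}", PHP_EOL;
    }
}
```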

mneumueller commented 7 years ago

Thanks for the clarification and the RFC link. Unfortunately I receive as Redirect URI https://www.example.com/#/oauth2 from an Angular2 App. I'll keep my fork until this is fixed in the Angular2 App.