Closed jongiddy closed 6 years ago
So, this isn't a case of hyper (or the http crate) not giving you the fragment. Instead, the browser will never send you the fragment during the redirect. The browser, when it gets the redirect, will do a GET /your-redirect-uri, but won't send the fragment. It will provide the fragment to the JavaScript application that is loaded.
The token flow is not meant for servers, but rather just to get API access in a front-end application. If the server needs access to the API, that's what the code flow is for.
This is quite common in OAuth2, and Microsoft's version is no different. They are all aware that fragments aren't sent to servers, as defined in RFC 7230:
[...] a user agent would resolve to its absolute form in order to obtain the "target URI". The target URI excludes the reference's fragment component, if any, since fragment identifiers are reserved for client-side processing.
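The behaviour described in the reply above, as an added example that is not part of the original thread or of hyper: a std-only Rust model of the request target a user agent derives from each flow's redirect, and of what a localhost listener can read from it. The function names, port, path and sample values are assumptions made for the illustration.

```rust
// Added example: models what reaches the server after an OAuth2 redirect.
// The URLs, token and code values are constructed samples.

/// Build the request target a user agent sends for `url`: scheme and
/// authority are dropped, and so is everything from '#' onward.
fn request_target(url: &str) -> String {
    let no_fragment = url.split('#').next().unwrap_or("");
    let after_scheme = no_fragment.split_once("://").map_or(no_fragment, |(_, rest)| rest);
    match after_scheme.find(|c: char| c == '/' || c == '?') {
        Some(i) if after_scheme[i..].starts_with('/') => after_scheme[i..].to_string(),
        Some(i) => format!("/{}", &after_scheme[i..]), // empty path followed by a query
        None => "/".to_string(),
    }
}

/// Server side: look up `name` in the query component of a request target.
/// Percent-decoding is omitted; the sample values do not need it.
fn query_param<'a>(target: &'a str, name: &str) -> Option<&'a str> {
    let (_, query) = target.split_once('?')?;
    query
        .split('&')
        .filter_map(|pair| pair.split_once('='))
        .find(|(k, _)| *k == name)
        .map(|(_, v)| v)
}

/// What a localhost listener can recover from a given redirect URL.
fn server_view(redirect: &str, name: &str) -> (String, Option<String>) {
    let target = request_target(redirect);
    let value = query_param(&target, name).map(str::to_string);
    (target, value)
}

fn main() {
    // Token flow: the access token travels in the fragment.
    let token = "http://localhost:8080/callback#access_token=SAMPLE_TOKEN&token_type=bearer";
    // Code flow: the authorization code travels in the query.
    let code = "http://localhost:8080/callback?code=SAMPLE_CODE";
    for (url, key) in [(token, "access_token"), (code, "code")] {
        let (target, value) = server_view(url, key);
        println!("GET {} HTTP/1.1  -> {} = {:?}", target, key, value);
    }
}
```

For the token-flow redirect the listener sees only `/callback`, so no server-side API can return the token; the code-flow redirect carries its value in the query, which is part of the request target.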
Thanks for the clear explanation. I will close this issue.
I have a particular use case where I want a desktop utility running on localhost to intercept a redirect auth request. I need to do this because I need to read the token fragment. In a way, the utility is acting as the browser,
I understand your concerns about avoiding misuse of the Uri struct, but at the very least, can't this functionality be placed behind some kind of unstable cargo feature?
Version:
hyper = "0.12.7"
I see the lack of access to a URL fragment has been discussed previously: https://github.com/hyperium/hyper/issues/1345
I can see the reasoning for not allowing easy access to the URL fragment, but I have a particular use case that I can't seem to handle with the standard hyper API.
OAuth2 login to Microsoft Graph using Token Flow redirects to a URL where the authentication token is in the fragment (or after a hash character, depending on your perspective). See the Response section of https://docs.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/graph-oauth#token-flow for an example of the expected URL.
Is there a way to get the raw request URL so that I can extract the token myself?