Oauth token & Last sub

Alca · October 8, 2017, 5:04am

Implicit code flow

Servers do not receive the # (hash) of the URL. You must capture that with Javascript.

if(location.hash.indexOf('accent_token') > -1) {
    let token = location.hash.split('=')[1];
    // ... Do something with token
}

Or in the modern era:

if(location.hash.includes('access_token')) {
    let token = location.hash.split('=')[1];
    // ... Do something with token
}

Servers will receive the ? (search) of the URL. You can capture that on the server-side.

PHP:

if(isset($_GET['code'])) {
    $token = $_GET['code'];
    // ... Do something with token
}