Geeting OAuth token from redirect URL parameters after '#'


  • Upbr

    FYI, we switched to 2-step process where we get a code first, which comes as a parameter after '?' and then calling the token API to get the token which returns a JSON object. This solved the token request problem though the one-step token request parsing still remains unresolved.

  • Erica Girges
    Zendesk Developer Advocacy

    Hey H M,

    The reasoning behind the redirect url variation ('?' vs '#') is because with the Authorization Code grant flow your application is defining the request, handling the user access decision and Zendesk's redirect response. We're also generating an authorization code then exchanging it for a token. For this reason, we see the '?' in the redirect url because we're querying for the response (the authorization code) based off of all of the parameters previously defined in the request. We need the request to hit server side to generate the authorization code.

    With the Implicit grant flow, since we're not defining all of the parameters or setting the scope, all we're requesting is the token outright. The only question is whether or not the user grants access. Therefore, we see the '#' character for the path with the access token or error. We're using '#' here because this token generation happens on the client side. 

    Hope this helps!


Please sign in to leave a comment.

Powered by Zendesk