Why am I getting the access token in the hashstring when redirected back from the facebook OAuth dialog requesting for permission?
Here's the code I use to construct the facebook OAuth dialog:
var parameters = new Dictionary<string, object>
{
{ "response_type", "code_and_token" },
{ "redirect_uri", "http://localhost:3434/"},
{ "scope", string.Join(",", scopes)}
};
return oauth.GetLoginUrl(parameters).AbsoluteUri;
And it redirects to:
http://localhost:3434/?name=asdf%3F#access_token=162925373763120|2.qLDBCyZRe1gGOvrpjLIouQ__.3600.1305252000.1-100000956820295|Hx6tBpndm5Dm1BAXVxjo7QcoxLs&expires_in=5998&code=jTu2wOzMadW0xRm47LgQZlMiu2cWqIzG20BkGNov7Rs.eyJpdiI6IldjRjVaUTF2RjgzUXJsWjNGR1dnWHcifQ.1nmIBbttrglCioBC3uUQ开发者_StackOverflow社区eQ_2btjEfj7acprwzc4E12Ap36GxUoAoVwIqyQFF91ghKi_whzSltd_VVr4nMbyGv0T3wvQ-hLfxhS4F3saZv94ubzDq_gKcvdG9BXMZG77FlY1QP7SLOpdIP4yh8mNWEw
How am I supposed to retrieve the access_token after the OAuth dialog redirect?
Edit- with CBroe's answer
the problem is this line:
{ "response_type", "code_and_token" }
it can only either be:
{ "response_type", "token" }
When set to token, the access_token is passed back in the hashstring which means it can only be used for javascript.
or
{ "response_type", "code" } When set to code, the access_code is passed back in the querystring. This querystring is then used to swap with facebook for the access_token. (Which is the same access_token retrieved from the hashstring if response_type is set to "token"
精彩评论