1

I am using the meanjs stack and seeing the following callback URL when using Chrome and G+ to auth:

https://accounts.google.com/o/oauth2/approval?as=223724a429788812&hl=en&pageId=none&xsrfsign=ABDEF4gAAAAAV8888ga8dMABcuJAxLy9999qrGXRtXi3

-> 302: Temporary redirect to:

http://localhost:3000/auth/google/callback?code=4/gGM83kTe6c9999999925n6l0tuv9P0C2ZGg8G4Zk_Jc.UlLC0fzyg_QbABD6UAPFm0H6mCCCmgI#

Can anyone explain or point to docs that describe where the ending # comes from?

When I use Firefox I don't see the # being appended.

TIA

pinoyyid
Pavel Potoplyak

1 Answer

-2

The ending # doesn't really matter, it's just a fragment identifier and it won't affect anything. For Google OAuth 2.0, in a client-side application, it's used to send error messages, but it's empty because there is no error.

In addition, you may want to be careful about posting your authorization code publicly...

gengkev
  • Unfortunately the extra # appears to be presenting a problem to client Angular JS code, https://github.com/meanjs/mean/issues/535. You are assuming that I pasted the code verbatim, which is not the case... – Pavel Potoplyak May 03 '15 at 04:49
  • I didn't know that the ending # could cause a problem, my apologies! But even if the extra `#` is removed as a workaround, won't it also cause a problem when there is an actual authentication error? – gengkev Jul 29 '16 at 02:33
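
The distinction this thread turns on, as an added example that is not part of the original posts: the `code` travels in the query string, which the server-side callback route receives, while anything after `#` stays in the browser and is visible only to client script. The function name `inspectCallback`, the callback URLs, the `PLACEHOLDER_CODE` value and the `error=access_denied` fragment are constructed for illustration.

```javascript
// Added example; every URL and code value below is a constructed placeholder.
function inspectCallback(rawUrl) {
  const url = new URL(rawUrl);
  const hashAt = rawUrl.indexOf('#');
  // null = no '#' at all, '' = bare trailing '#', otherwise the fragment text.
  const fragment = hashAt === -1 ? null : rawUrl.slice(hashAt + 1);

  // Browsers never put the fragment in the HTTP request, so the server-side
  // callback route only ever receives the path and the query string.
  const requestTarget = url.pathname + url.search;

  // Fragment parameters exist only for script running in the page.
  const fragmentParams = Object.fromEntries(new URLSearchParams(fragment || ''));

  // Strip only an empty fragment; a non-empty one may carry an error
  // that the client still needs to read.
  const cleaned = fragment === '' ? rawUrl.slice(0, hashAt) : rawUrl;

  return {
    requestTarget,
    code: url.searchParams.get('code'),
    fragment,
    fragmentParams,
    cleaned,
  };
}

const samples = [
  'http://localhost:3000/auth/google/callback?code=PLACEHOLDER_CODE#',
  'http://localhost:3000/auth/google/callback?code=PLACEHOLDER_CODE',
  'http://localhost:3000/auth/google/callback#error=access_denied',
];
for (const sample of samples) {
  console.log(inspectCallback(sample));
}
```

Because the cleanup removes the `#` only when nothing follows it, a fragment that does carry parameters is left intact for the client to handle.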