Google OAuth service redirects to URL with a # sign at the end

Question

When the user is redirected to https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=[clientid]&redirect_uri=http://example.com/googleauth&scope=email by our "Sign In with Google" button, the response's Location header that causes the redirection back to the site has a # symbol at the end:

Response headers:
location: http://example.com/googleauth?code=[code]#

It certainly does not break the site's funcionality, but I'd like to get rid of it anyway. Is there something wrong with my initial request URL, or do I need to resort to a JavaScript based solution on my end?

score 1 · Accepted Answer · edited May 23 '17 at 12:21

1

There's nothing wrong with your redirect URL or client side code. This is something that Google recently added but should be of no concern to you, see also: Google OAuth code appends extra "#" in response and # added to Google+ OAuth 2.0 callback URL

edited May 23 '17 at 12:21

Community

1
1

answered May 12 '15 at 18:34

Hans Z.

50,496
12
102
115

Well, it's not an issue on our end then. I guess I'll need to do some JS magic to get rid of it. – SeinopSys May 12 '15 at 18:41
the user agent should not send the # to the backend in the first place; if it does, that user agent is in fact broken according to the HTTP spec – Hans Z. May 12 '15 at 18:43

Google OAuth service redirects to URL with a # sign at the end

1 Answers1

Linked