Token appears in address bar when using OpenID/IdentityServer and redirecting to different page

Question

I am using Identity Server 4 and Angular 2 and the angular-oauth2-oidc library. When I authenticate to Identity Server and redirect to a different page it puts the token in the address bar, if I redirect back to the same page the login was initiated from then the address bar is fine.

public redirect_uri = 'http://localhost:4200/requests';
this.oAuthService.redirectUri = this._configuration.redirect_uri;

Address Bar = http://localhost:4200/requests#id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6Im...

Has anyone see anything like this before? Any idea where to begin looking at how to troubleshoot this?

score 1 · Accepted Answer · edited May 23 '17 at 12:25

1

Yes, this is normal intended behavior. It is standard to send the token through as a hash/uri fragment.

This post can clear it up for you.

edited May 23 '17 at 12:25

Community

1
1

answered Mar 03 '17 at 07:56

Lutando

4,909
23
42

Token appears in address bar when using OpenID/IdentityServer and redirecting to different page

1 Answers1