1

I want to get the access_token in the url after a redirection from AWS COGNITO in a "implicit" oauth flow. AWS Cognito redirect the browser to : https://mydomain/#access_token=xxxxx

I want to get the "access_token=xxxxx" part for storage, in a nuxt "middleware".

It doesn't seam to be in the "context.req" object. Where can I find it ?

David Vergison
  • 35
  • 1
  • 10
  • It might be in `context.$route`. – N.B. Dec 27 '19 at 18:27
  • Alas, context.$route is empty :( Do I need to add a specific module or something ? – David Vergison Dec 30 '19 at 08:46
  • I tried a `console.warn(context)` and the access_token is nowhere ... – David Vergison Dec 30 '19 at 08:53
  • Are you using Nuxt in SSR mode? The fragment is never sent to server, this is something you can only do in the browser. It should be in the `$route.hash` property. – N.B. Dec 30 '19 at 11:17
  • Damned ! Yes, I use SSR mode, I want to test this for a futur project which will need some SEO. But after carefull consideration, it's true that I don't need the "connected" information server side ... "personnals informations" are not to be exposed to search engines or cached. Thanks ! – David Vergison Dec 31 '19 at 07:25

1 Answers1

0

The Implicit flow doesn't return an authorization code like the Authorization flow does. You'll get the access token directly in the response body.

Here is a link with more info.

Implicit Flow

AJ Longstreet
  • 11
  • 4
  • What OP wrote was *I want to get the* **access_token** – N.B. Dec 27 '19 at 18:27
  • As I said, the access token is in the body. Authorization codes come in the URI. Access tokens come in the response body. – AJ Longstreet Dec 27 '19 at 19:00
  • https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/ -> read the bit what Amazon Cognito does in implicit flow and where it places the data. Then read what the OP asked and try to figure out why you're posting the wrong answer. – N.B. Dec 28 '19 at 00:32
  • N.B is right, Cognito put the access token in the fragment part of the url, not in the body ... I can't find a way to change this behaviour ... So i'm stuck with this ... – David Vergison Dec 30 '19 at 08:41