Play Framework appending #_=_ to redirect after Facebook auth via OAuth2?

Question

I\'m doing a simple redirect after calling OAuth2::retrieveAccessToken() with Play Framework. I\'m having funny characters appended to the URL that I never put there, so the

Answer 1

Maybe these characters come from the facebook callback. I was getting a FB callback like

localhost:9000?someparams#code=verylongcodefromfacebook

I could get rid of the # just by sanitizing the params before requesting the access token.

Answer 2

This was added after a security update.

From the Facebook developer blog:

Change in Session Redirect Behavior

This week, we started adding a fragment #_=_ to the redirect_uri when this field is left blank. Please ensure that your app can handle this behavior.