How to get access to the URL segments after a # in Python Flask?

Question

I\'m trying to support OAuth2 login through Python Flask, so I want to handle a URL that looks like this:

    http://myserver/loggedIn#accessToken=thisIsReal         


        

Answer 1

From the RFC:

Fragment identifiers have a special role in information retrieval systems as the primary form of client-side indirect referencing [...] the fragment identifier is not used in the scheme-specific processing of a URI; instead, the fragment identifier is separated from the rest of the URI prior to a dereference

As such, flask drops everything after the '#'. If you want to forward these to the server, you'll have to extract them on the client and pass them to the server via a query parameter or part of the URL path.

Answer 2

You are using the incorrect OAuth 2 grant type (implicit grant) for what you want to do. Implicit grant supplies the token in the fragment as you observed to be used by a javascript client. There is another type of grant, authorization code, which is similar but supplies it in the URI query which you can access from Flask.

You can tell the two apart from the the redirect URI you create for authorization, if it has response_code=code you are on the right track. You currently use response_code=token.

If you are using Facebook look at https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/

For Google look at https://developers.google.com/accounts/docs/OAuth2WebServer

You might also be interested in https://flask-oauthlib.readthedocs.org/en/latest/ which can help you with OAuth.