Shira 0 Posted January 29, 2020 Hi, I'm using the WebSrv for Imgur's API and catch the tokens after launching the auth URL, so Imgur redirects to localhost with all the params.. but WebSrv can't catch them all because there is a # Imgur redirection; http://localhost:7710/myapp?state=auth#access_token=....&expires_in= etc then WebSrv's OnSimpWebSrvReq only gets "state=auth" and omits the rest. Share this post Link to post
Angus Robertson 577 Posted January 29, 2020 Sorry, had a quick look at the code, but can not see any reason why ParseReqHdr would truncate RequestParams, it just copies the line after the ?, need to debug it with real data and busy with end of month stuff this week. Angus Share this post Link to post
Shira 0 Posted January 29, 2020 (edited) Hi, nevermind that, it seems to be an "issue" with the browser: http://localhost:8080/test?aaa=1#bbb=2&ccc=3 Quote The response_type Parameter token: This authorization flow will directly return the access_token and refresh_token via the redirect URL you specified during registration, in the form of hash query string parameters. Example: http://example.com#access_token=ACCESS_TOKEN&token_type=Bearer&expires_in=3600 The code and pin response types have been deprecated and will soon no longer be supported. Imgur returns an access token to your application if the user grants your application the permissions it requested. The access token is returned to your application in the fragment as part of the access_token parameter. Since a fragment (the part of the URL after the #) is not sent to the server, client side javascript must parse the fragment and extract the value of the access_token parameter. Edited January 29, 2020 by Shira Share this post Link to post
Guest Posted January 30, 2020 8 hours ago, Shira said: it seems to be an "issue" with the browser: That is not an issue with browser, on contrary browser is right here, the second answer here in SO explain it : https://stackoverflow.com/questions/1547899/which-characters-make-a-url-invalid Quote The character "#" is excluded because it is used to delimit a URI from a fragment identifier. And from https://tools.ietf.org/html/rfc3986#section-3.5 Quote As with any URI, use of a fragment identifier component does not imply that a retrieval action will take place. A URI with a fragment identifier may be used to refer to the secondary resource without any implication that the primary resource is accessible or will ever be accessed. Fragment identifiers have a special role in information retrieval systems as the primary form of client-side indirect referencing, allowing an author to specifically identify aspects of an existing resource that are only indirectly provided by the resource owner. Share this post Link to post
Shira 0 Posted January 30, 2020 4 minutes ago, Kas Ob. said: That is not an issue with browser, on contrary browser is right here, the second answer here in SO explain it : https://stackoverflow.com/questions/1547899/which-characters-make-a-url-invalid And from https://tools.ietf.org/html/rfc3986#section-3.5 I know, that's why I quoted it, I meant to say the issue is due to how the browser (properly) processes that. I don't know what Imgur is thinking removing the PIN method auth, making life even harder for desktop apps. Now I can only embed a browser window to have the user enter their user/pass (beats the whole purpose of OAuth + other issues) or use an app protocol for the redirection (another set of issues). Share this post Link to post