Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
All Oauth providers I’ve authenticated with will redirect you to a page that says something like “Thanks, redirecting you…” and uses javascript to redirect you to the supplied redirect_uri.
I would have thought it was simpler and faster to return an HTTP redirect. Why is it always done that way?
302’s Location header according to HTTP 1.1 looks like this:
absoluteURIaccording to URI Generic Syntax does not include fragment identifier. The one with the fragment is calledURI-reference:The detail is described in @levik’s question: URL Fragment and 302 redirects. I am now learning it the hard way, but the gist is that 302 with fragment doesn’t seems to work with IE8.Using Javascript probably is more reliable way because you’re suppose to pass the access tokens via fragment.
Edit:
I now know what happened with IE8. IE does respect the fragment identifier in Location header, but it ignores the one from source URI. My redirect URL was to
http://example.com/oauth, which I had an automatic redirect to https,https://example.com/oauth.http://example.com/oauth#access_token=foo.https://example.com/oauth.Between step 1 and 2, IE8 threw away the fragment identifier, while some of the other browsers redirected to
https://example.com/oauth#access_token=foo.So the real answer is 302 is ok, as long as you don’t use it more than once on the URL.