
Facebook Authentication and strange redirect behaviour

I'm currently testing an OAuth implementation of Facebook Connect using http://facebooksdk.codeplex.com.

I've got a FacebookController with 2 simple actions called LogOn and CallBack.

Everything works fine and the user is logged correctly into my system.

The problem is when the CallBack action is called, something strange happens that makes a simple

return Redirect(loggedUrl);

redirecting to the correct logged url but ending with the following characters: #_=_

It appears that the Facebook server sends the information to my webserver using the following HTTP header:

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://mywebsite.com/Facebook/CallBack/?state=1&code=AQCXexr10uxANSBOu9JqrBDxqPkWbsyxM1S9ltuY9XwCXW7eGsOII329SthClxOSM_a7wJvwrXh1_O3D5I7E_nxCDTWDLpyYdMpMUfw4zMWcQ4oV2PmRkIMd2NfPYRKlkLgkurEzka1CjAF1jp8Xb3crklOB59W4IT7LZy6MEmFusuhSKacmsTcV1LAOW4uJ3K4#_=_
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: locale=en_US; expires=Fri, 28-Oct-2011 00:09:38 GMT; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.103.61
X-Cnection: close
Date: Fri, 21 Oct 2011 00:09:38 GMT
Content-Length: 0

As you can see we can find the #_=_ characters at the end of the Location value.

It's like the Redirect was taking into account the #_=_ characters by adding them automatically to the loggedUrl.

Even when I try with return Redirect("/");, the #_=_ is added from (almost) nowhere to my redirected url...

Any idea would be really appreciated.

Thanks in advance for any answer.

Regards,

LB

user257938 asked Oct 21 '11 01:10


1 Answer

Facebook has modified their authentication mechanism recently by adding these #_=_ characters to the end of their response. The # symbol at the end of the string is actually creating the problem. So you can either truncate the query and do the redirect, which will work fine.

Robin answered Nov 15 '22 10:11
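
The behaviour in the question, as an added example that is not part of the original post or answer: a browser following a 3xx response whose Location has no fragment reuses the fragment of the URL it requested (RFC 7231, section 7.1.2), and the fragment is never sent to the server, so the cleanup below runs in the page. The function names and the `code=CODE` placeholder are assumptions made for illustration.

```javascript
"use strict";
// Added example (not from the original thread); names here are hypothetical.
const FB_FRAGMENT = "#_=_";

// URL the browser ends up on after following a 3xx response.
// requestUrl: the URL the browser requested, fragment included
//             (the fragment itself is never sent to the server).
// locationHeader: the Location value of the redirect response.
function resolveRedirect(requestUrl, locationHeader) {
  const from = new URL(requestUrl);
  const to = new URL(locationHeader, from); // resolves relative values such as "/"
  // A Location value without a fragment inherits the request URL's fragment.
  if (to.hash === "" && !locationHeader.includes("#")) {
    to.hash = from.hash;
  }
  return to.href;
}

// Removes the fragment only when it is exactly "#_=_", so fragments the
// application uses itself survive. loc and hist are passed in
// (window.location and window.history in a browser) to keep this testable.
function stripFacebookFragment(loc, hist) {
  if (loc.hash !== FB_FRAGMENT) return false;
  const clean = loc.pathname + loc.search;
  if (hist && typeof hist.replaceState === "function") {
    hist.replaceState(null, "", clean); // no reload, no extra history entry
  } else {
    loc.hash = ""; // fallback; a browser may leave a trailing "#"
  }
  return true;
}

// In a page, run the cleanup once on load.
if (typeof window !== "undefined") {
  stripFacebookFragment(window.location, window.history);
}
```

Giving the server-side redirect target its own fragment also stops the inheritance, because only a Location value without a fragment picks up the old one.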