Azure AD redirect URI has id_token after hashtag instead of as query param

Question

I'm using Azure AD to authenticate my users. I think I follow the Azure AD spec correctly and I redirect my users to this url:

https://login.windows.net/common/oauth2/authorize?response_type=id_token&redirect_uri=https%3a%2f%2ftest.com%2fAzureAD&client_id=71B157BE-1102-11E4-B4B7-B2E0E18D2956&scope=openid&nonce=6DF6E436-1102-11E4-A45E-B2E0E18D2956

Azure redirects back to my url with a valid id_token, but the format is this:

https://test.com/AzureAD#id_token=(id_token)

instead of:

https://test.com/AzureAD?id_token=(id_token)

Because it puts the id token after the hashtag instead of as a query param, I cannot access the value of id_token server-side. I've tried looking through the documentation, but I can't seem to find a way to either change or specify this behavior. Does anyone know how to fix this?

Answer 1

Add &response_mode=query to your request. The default response_mode was changed to fragment.

Hope this helps.

ps: Azure AD also supports &response_mode=form_post