Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Play Framework appending #_=_ to redirect after Facebook auth via OAuth2?

I'm doing a simple redirect after calling OAuth2::retrieveAccessToken() with Play Framework. I'm having funny characters appended to the URL that I never put there, so the end result looks as follows:

http://localhost:9000/#_=_

Where on earth does the #_=_ come from? Here's my route definition from the routes file:

GET / Application.index

Here's the code snippet of the controller dealing with the Facebook authentication:

public static void facebookConnect() {
    OAuth2 facebook = new OAuth2(
        "https://graph.facebook.com/oauth/authorize",
        "https://graph.facebook.com/oauth/access_token",
        "2#############6",
        "c##############################2"
    );

    if(OAuth2.isCodeResponse()) {
        OAuth2.Response oauthResponse = facebook.retrieveAccessToken(facebookAuthUrl());
        if(oauthResponse.error == null) {
            //... Somewhere here, something is causing #_=_ to be appended to the URL?
            Application.index();
        }
    }
    facebook.retrieveVerificationCode(facebookAuthUrl());
}

EDIT:

According to this page, Facebook changed their API recently to include the = if request_uri is empty, the problem is...my request_uri has been explicitly set?

like image 576
josef.van.niekerk Avatar asked Sep 06 '11 19:09

josef.van.niekerk


People also ask

Is Play framework asynchronous?

Internally, Play Framework is asynchronous from the bottom up. Play handles every request in an asynchronous, non-blocking way. The default configuration is tuned for asynchronous controllers.

Why play framework is used?

Play Framework makes it easy to build web applications with Java & Scala. Play is based on a lightweight, stateless, web-friendly architecture. Built on Akka, Play provides predictable and minimal resource consumption (CPU, memory, threads) for highly-scalable applications.


2 Answers

This was added after a security update.

From the Facebook developer blog:

Change in Session Redirect Behavior

This week, we started adding a fragment #_=_ to the redirect_uri when this field is left blank. Please ensure that your app can handle this behavior.

like image 190
Alexcode Avatar answered Sep 27 '22 16:09

Alexcode


Maybe these characters come from the facebook callback. I was getting a FB callback like

localhost:9000?someparams#code=verylongcodefromfacebook

I could get rid of the # just by sanitizing the params before requesting the access token.

like image 32
alfonso.kim Avatar answered Sep 27 '22 17:09

alfonso.kim