Well, this is an example of how code looks like with the redirect url in my case:
http://localhost:5000/account/login?code=r-exHko-4MmWnMlq#_=_
The correct code is r-exHko-4MmWnMlq
Why I receive those symbols in the end #_=_ ?
This is how my log in link looks:
https://my-develop.auth0.com/authorize?client_id=myclient&response_type=code&connection=facebook&redirect_uri=http://localhost:5000/account/login&scope=openid%20profile%20email%20offline_access
Thanks !
Unless someone else already went through the exact same thing, it’s likely that in order to solve that mystery an analysis of the network requests will be required. You can do this yourself in the browser network tools or capture that information and then share it (be mindful that HTTP traces may contain sensitive information like credentials).
The thing to look for is the network request that responds with the HTTP 302 to your callback URL. In that response you’ll find the Location header so you will be able to see if the fragment #_=_ is being returned from the server-side itself or if it’s something that may be appended by client-side logic.