Redirect_uri dropping part of URI

So I’m trying to put a social login in front of an app that generates download links like this


It’s working fantastic going directly to the main domain, but it seems to be dropping the part in the URL after the #
i.e. clients are being redirected to https://DOMAIN/download/1cbf12345d67d890/ instead, which isn’t a valid link.

Hopefully this is something simple, maybe I’m missing a setting somewhere?

Hey @cchan , Welcome to the Auth0 Community.

Are you trying to do a hash-based routing with this type of redirect URI?
I believe we don’t support fragments in the redirect URI. Which stems from
this OIDC specification:
It specifically says:
The endpoint URI MUST NOT include a fragment component.


1 Like

It’s not a fragment or anchor, at least it’s not intended to be. I’m trying to put an openid auth on a proxy for a fork of Firefox Send, and it generates download links in that format. Looks like the # portion is supposed to be a decrypt key.

wonder if the # is just being dropped as an invalid character in the redirect then.