When providing a redirectUri to auth0 js, after successful login, lets say the route provided to redirectUri is localhost:8080/, after login, the url shows as localhost:8080/#access_token=xxxxxx. Is there anyway to just hard redirect to that route without including the access token? Is this intended behavior?
Thanks
Hey there @scott.stern06! This was covered best in the past by one of our senior engineers as mentioned below:
Based on the response you’re getting your application performed a request that used
response_type=token+id_tokenand aresponse_mode=fragment(or did not specify a response mode as fragment is the default for this response type).In order to not have tokens in the URL, you need to use a different response type or different response mode. For example, either just
response_type=codeorresponse_type=token+id_token&response_mode=form_postwould technically remove tokens from being present in an URL, however, your application would now need to support handling responses in accordance to those parameters.
We also have a doc on this subject when it comes to redirecting users after login. Please let me know if this helps you in your quest! Thanks!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.