When providing a redirectUri to auth0 js, after successful login, lets say the route provided to redirectUri is localhost:8080/
, after login, the url shows as localhost:8080/#access_token=xxxxxx
. Is there anyway to just hard redirect to that route without including the access token? Is this intended behavior?
Thanks
Hey there @scott.stern06! This was covered best in the past by one of our senior engineers as mentioned below:
Based on the response you’re getting your application performed a request that used response_type=token+id_token
and a response_mode=fragment
(or did not specify a response mode as fragment is the default for this response type).
In order to not have tokens in the URL, you need to use a different response type or different response mode. For example, either just response_type=code
or response_type=token+id_token&response_mode=form_post
would technically remove tokens from being present in an URL, however, your application would now need to support handling responses in accordance to those parameters.
We also have a doc on this subject when it comes to redirecting users after login. Please let me know if this helps you in your quest! Thanks!
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.