By: Naga Praveen user 31 Oct 2017 at 6:10 a.m. CDT

2 Responses
Hi, in my application I plan to show Gluu's login page. Once the user logs in, I see the return params in my page URL to be code, session id, scope, etc. Is there a way for access_token to be part of the response as well in the same authorization URL? Or post login, based on the code, should I go fetch the access_token? If that's the case, then how would I have to redirect it back to my login redirect URI with access_token? So essentially, I want to set a login redirect URI which gets access_token as a query parameter. Thanks

By Michael Schwartz Account Admin 31 Oct 2017 at 10:01 a.m. CDT

If you use the implicit flow, and `response_type=token id_token` you will get back both the access token and id_token. Putting the access token in the redirect_uri is a bad idea. You should use [form post response mode](http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html), because URIs can be logged or intercepted along the way.
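The request and callback handling described in the answer above, as an added example that is not part of the original thread and is not Gluu's code. The endpoint URL, client id, redirect URI and function names are assumed placeholders, and the sample POST body is constructed.

```python
import secrets
import hmac
from urllib.parse import urlencode, parse_qs

# Assumed placeholders: take the real values from your OP's discovery document and client registration.
AUTHORIZATION_ENDPOINT = "https://idp.example.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"


def build_authorization_request():
    """Return (url, state, nonce) for an implicit-flow request that asks for form_post."""
    state = secrets.token_urlsafe(16)   # binds the response to this browser session
    nonce = secrets.token_urlsafe(16)   # must later match the nonce claim in the id_token
    params = {
        "response_type": "token id_token",
        "response_mode": "form_post",   # tokens come back in a POST body, not in the URL
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params), state, nonce


def handle_callback(method, body, expected_state):
    """Parse the form-encoded body the browser posts to redirect_uri."""
    if method != "POST":
        raise ValueError("form_post responses arrive as POST, never in the URL")
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if "error" in form:
        raise ValueError("authorization error: " + form["error"])
    if not hmac.compare_digest(form.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    # The id_token signature and nonce claim still have to be validated before use.
    return {"access_token": form["access_token"], "id_token": form["id_token"]}


if __name__ == "__main__":
    url, state, nonce = build_authorization_request()
    print(url)
    # Constructed sample body standing in for the OP's auto-submitted form.
    sample = urlencode({"access_token": "sample-at", "id_token": "sample.id.token",
                        "token_type": "bearer", "state": state})
    print(handle_callback("POST", sample, state))
```

Because the tokens travel in the POST body, they do not appear in the callback URL that ends up in access logs, browser history or Referer headers.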

By Naga Praveen user 31 Oct 2017 at 10:24 a.m. CDT

Thanks for your quick response. That makes sense to me.