By: Emilio Pena user 16 Apr 2019 at 3:44 p.m. CDT

3 Responses
Trying to get tokens by code.
- After login is completed, being redirected to Login Redirect URI.
- Code and state are included in Login Redirect URI but query string separator is set to "#" instead of "?" (http://127.0.0.1:5000/login#access_token....)
- Hence it is not possible to parse using flask request.args, nor to recover the full path after the "#" character.
- Getting a "Bad Request. The browser (or proxy) sent a request that this server could not understand. KeyError: 'state'"

Full Login Redirect URI: http://127.0.0.1:5000/login#access_token=c4bb9d00-4dea-4af2-a898-5e8ae1af97da&code=16d6f6d5-ecfe-46e9-9824-33e3c293f905&scope=item%3Acreate+item%3Aedit+openid+item%3Adelete+profile+oxd+item%3Aread&id_token=eyJraWQiOiJiNmU2M2M1My01MDk2LTRiM2EtOTc0Ni05YjFlNGI0OWU2ZjciLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2dsdXUuMTkyLjE2OC4xMS40MS54aXAuaW8iLCJhdWQiOiJAIURDRjYuOEE5RS44NDQ1LkM0OUQhMDAwMSEyNUZCLkZFMEQhMDAwOCExNDBBLkI2QjIuOTg1OC4wMzBGIiwiZXhwIjoxNTU1NDQ4ODYwLCJpYXQiOjE1NTU0NDUyNjAsIm5vbmNlIjoiaDJsODliczgyNWdyOGNqaWtsY3M3MzRjM2IiLCJhdXRoX3RpbWUiOjE1NTU0NDAyOTEsImNfaGFzaCI6Ik5hcDBEd19vYVBvaVVSRUJOc0QwZ2ciLCJhdF9oYXNoIjoiQzQwaFNiUWVBTXNmRXYtbEVnME8xQSIsIm94T3BlbklEQ29ubmVjdFZlcnNpb24iOiJvcGVuaWRjb25uZWN0LTEuMCIsInN1YiI6InpNdTRNT1RqYkFfVC1nTEF6d01IcG5uanFRN0hrbXRRVXYyMUdXZ0E1ekUifQ.kaEv7M7CdSCRC9_-qnJKcIHjoPQ7QFkeKk-A3otjOHgCsn82QRU1robAcKUEmTGk3JBTWKAMXFgrhL1fOuirPO9pf9_tB15v_STIUX9VRCTnj3AHimWHPR6sQjKvT6aYEteppnTsXlEGvleBxMFrV-QOEJsjUpYzpGIVWDIcvFI2Kg5UsAt58VekZlFQGHZhed-gDytWOW93htJPjWHX3jXOY0vuumoiv-Nlm9sPcZmT5hNwhB8-615PW-6nmwvNgR8b9vOQcL233X8k7Lrk0RzHMlO-OT60qDYXw38wlaiuBDtp9pA5vkTEdOuTxRmTQ7u4GapnO_EOFdBPKA7rew&session_id=cb2af766-7397-4a66-8313-f31a457c211a&state=6c41dusud6a4otd9hcb1kd1k8&token_type=bearer&session_state=eb8bba82-0a19-45c9-9f3c-f56a999ae9c7&expires_in=299

What could be a solution for this?

By Michael Schwartz Account Admin 16 Apr 2019 at 4:24 p.m. CDT

You are using the implicit flow (which is not very secure), therefore the fragment is correctly returned by Gluu. Try using this client: https://github.com/GluuFederation/openid-implicit-client

By Emilio Pena user 17 Apr 2019 at 9:18 a.m. CDT

Hi @Michael.Schwartz, thanks for the quick response. Will try your suggested solution and let you know about the outcome. I thought I was following the Authorization Code flow, since my starting point was one of Gluu client's examples (flask_app_oxd4.py on https://github.com/mbaser/gluu/tree/master/oxd_tutorial). Could you please point out valid examples of clients for both Hybrid and Authorization Code flows? Thank you in advance. Best regards.

By Emilio Pena user 17 Apr 2019 at 9:56 a.m. CDT

@Michael.Schwartz, I understand why now: I was including token & id_token in the response_type field, hence the Implicit flow was being followed. Please disregard the second part of my previous comment. Thanks.
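The thread's root cause, as an added example that is not part of the original posts nor of Gluu's or oxd's code: response_type alone selects the flow, and anything other than a plain "code" makes the OP return the response in the URL fragment, which the browser never sends to the server (so Flask's request.args cannot see "state"). The endpoint, client_id and redirect URI below are placeholders.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Placeholder values; real ones come from the OP and the oxd client registration.
AUTHZ_ENDPOINT = "https://op.example/oxauth/restv1/authorize"
REDIRECT_URI = "http://127.0.0.1:5000/login"


def flow_for_response_type(response_type):
    """'code' -> authorization code flow (response in ?query, readable server-side).
    'code' plus token/id_token -> hybrid; token/id_token without code -> implicit.
    Both of the latter return the response in the #fragment."""
    parts = set(response_type.split())
    if parts == {"code"}:
        return "code"
    if "code" in parts:
        return "hybrid"
    return "implicit"


def build_authz_url(response_type, state, nonce, client_id="client-placeholder"):
    """Build the authorization request; state/nonce must be stored in the session
    so the redirect can be checked against them later."""
    params = {
        "response_type": response_type,
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": state,
        "nonce": nonce,
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


def parse_redirect(redirect_url, expected_state):
    """Classify where the OP put the response. The full URL is taken as input here
    to show the difference; a real server only ever receives the query part."""
    parts = urlsplit(redirect_url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    fragment = {k: v[0] for k, v in parse_qs(parts.fragment).items()}
    if fragment:
        # Implicit/hybrid response: only client-side JavaScript can read this.
        return {"location": "fragment", "server_visible": False, "params": fragment}
    # Code flow: bind the response to the login that started it before using the code.
    if query.get("state") != expected_state:
        raise ValueError("state mismatch: stale login or cross-site request")
    if "code" not in query:
        raise ValueError("no authorization code in redirect")
    return {"location": "query", "server_visible": True, "code": query["code"]}
```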