Walt_AIS

SSO with OAuth returning access token in URL fragment rather than querystring

Hi, I'm using the My Domain + SAML 2.0 features to request an OAuth access token from Salesforce. Everything is working fine, Salesforce kicks off the SP initiated SAML assertion and authenticates the account. The issue I'm having is that when Salesforce returns to my redirect URI, the access token and all the OAuth info is included in a URL fragment rather than query string variables. In other words, it looks like this: https://mysite.com/mysalesforcecallbackpage/#access_token=foobar&etc. I'm using .NET to handle the response, and the URL fragments are not processed by the server since they are client-side only. I would rather handle the OAuth values on the server if possible. Is there any way to set how the OAuth values are returned in the URL? Thanks for any help.

Superfell

It sounds like you might be using the user agent OAuth flow when you should be using the web server flow. What parameters are you initially passing to the OAuth service?

Walt_AIS

I may be using the wrong flow; does the web server flow work with SSO? I use it now with a normal Salesforce login, but I didn't see a way to use it with SSO. (Edit: I mean besides the SAML bearer and assertion flows; I'd like to avoid generating requests or assertions.) Here are the parameters I'm using:

 

response_type = token
client_id
redirect_uri

 

I'm redirecting to the URL: https://myapp.my.salesforce.com/services/oauth2/authorize

 

Thanks.
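
The difference between the two flows discussed in this thread, as an added example that is not part of any poster's message: in OAuth 2.0, `response_type=token` returns the token in the URL fragment, while `response_type=code` returns an authorization code in the query string, which a server-side handler can read. The function names, the `state` parameter and the sample callback URLs are assumptions constructed for illustration.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Authorize endpoint quoted in the thread.
AUTHORIZE_URL = "https://myapp.my.salesforce.com/services/oauth2/authorize"

# Constructed sample callbacks (not real tokens or codes).
IMPLICIT_CALLBACK = "https://mysite.com/mysalesforcecallbackpage/#access_token=foobar&state=abc"
CODE_CALLBACK = "https://mysite.com/mysalesforcecallbackpage/?code=constructed-code&state=abc"


def build_authorize_url(client_id, redirect_uri, response_type="code", state=None):
    """Build the authorization request. response_type selects the grant:
    "token" = user-agent (implicit) flow, "code" = web server flow."""
    if response_type not in ("code", "token"):
        raise ValueError("response_type must be 'code' or 'token'")
    state = state or secrets.token_urlsafe(16)  # binds the callback to this request
    query = urlencode({
        "response_type": response_type,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def server_visible_params(callback_url):
    """Return what the server receives. Browsers never send the fragment,
    so only the query string reaches the HTTP handler."""
    parts = urlsplit(callback_url)
    return {k: v[0] for k, v in parse_qs(parts.query).items()}


def handle_callback(callback_url, expected_state):
    """Server-side handler for the web server flow callback."""
    params = server_visible_params(callback_url)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error']}")
    if "code" not in params:
        raise ValueError("no authorization code in query string "
                         "(was response_type=token used?)")
    if not secrets.compare_digest(params.get("state", ""), expected_state):
        raise ValueError("state mismatch")
    return params["code"]  # exchanged for tokens in a server-to-server POST
```
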