How to include hash fragment in redirect uri for authentication provider

Liero

I have an ASP.NET Core 2.1 app with OpenID Connect authentication:

services.AddAuthentication(...)
    .AddCookie(...)
    .AddOpenIdConnect(...);

When an unauthenticated user visits the URL /path?somequery#somehashfragment, it is redirected to the authentication provider's login page and then back to /path?somequery, but the hash fragment is stripped out.

Kavindu Dodanduwa

URL hash fragments do not go out of the browser. That means if you put a hash fragment on a URL in your browser and visit it, the fragment won't reach the server end. A solution would be to make this parameter a query parameter.

From an OIDC perspective, this is used for the implicit flow to prevent token stealing. This is highlighted in the specification's Implicit Flow Threats section.
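
The following is an added example, not code from the original answer or from ASP.NET Core: it shows what the server receives for the URL in the question, and one way to carry the fragment as a query parameter and restore it after login. The function names, the `frag` parameter name and the `https://app.example` origin are assumptions made for illustration.

```javascript
// Constructed origin, used only so relative URLs can be parsed offline.
const BASE = "https://app.example";

// What the browser sends on the request line: path + query, never the fragment.
function requestTarget(href) {
  const u = new URL(href, BASE);
  return u.pathname + u.search;
}

// Client side, before the navigation that triggers the login challenge:
// append the fragment as a query parameter so it survives the round trip.
// The existing query string is left byte-for-byte intact.
function fragmentToQuery(href, param = "frag") {
  const u = new URL(href, BASE);
  if (u.hash.length <= 1) return u.pathname + u.search; // no fragment present
  const sep = u.search ? "&" : "?";
  return u.pathname + u.search + sep + param + "=" +
    encodeURIComponent(u.hash.slice(1));
}

// Client side, after login: move the parameter back into the fragment.
function queryToFragment(href, param = "frag") {
  const u = new URL(href, BASE);
  const prefix = param + "=";
  const kept = [];
  let frag = null;
  for (const pair of u.search.slice(1).split("&")) {
    if (pair.startsWith(prefix)) {
      try {
        frag = decodeURIComponent(pair.slice(prefix.length));
        continue;
      } catch {
        // Malformed percent-encoding: leave the pair in the query untouched.
      }
    }
    if (pair) kept.push(pair);
  }
  const query = kept.length ? "?" + kept.join("&") : "";
  return u.pathname + query + (frag !== null ? "#" + frag : u.hash);
}
```

Use this only for routing fragments: unlike a fragment, a query parameter is sent to the server and can end up in access logs and Referer headers, so a fragment that carries tokens should not be moved into the query.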
