URL with # sign

L. Robin · ‎01-25-2015

I am writing code with Dorpbox API, It seems working ok as I am calling oauth 2 and return with access_token etc.. looks ok with one issue, in querystring it return with # rather then ? like https://www.sitename.com/dboxcallback.asp?access_token=xxxxxx&token_type=xxxr&uid=xxxx
is this normal? I am expect it would be ? rather then #. or there are something I am doing wrong?

L. Robin · ‎01-25-2015

sorry I get back like this with # https://www.sitename.com/dboxcallback.asp#accesstoken=xxxxxx&token_type=xxxr&uid=xxxx

Steve M. · ‎01-26-2015

See https://www.dropbox.com/developers/core/docs#oa2-authorize. If you're using the token flow, which is intended for client-side apps (including JavaScript in the browser), then the access token and other parameters are included in the URL fragment (the portion of the URL after the # sign).

If you use the code flow (more appropriate for server-side code), then the authorization code will be in a query parameter, and you'll then make a call to /oauth2/token to exchange the authorization code for an access token.

All of this is part of the OAuth 2 standard, not specific to Dropbox, so consider reading up on OAuth 2 itself.

URL with # sign

URL with # sign

Top contributors to this post