oauth - How to get access to the URL segments after a # in Python Flask?

Question

I'm trying to support OAuth2 login through Python Flask, so I want to handle a URL that looks like this:

    http://myserver/loggedIn#accessToken=thisIsReallyImportant

but when I handle the callback it just seems to drop all the characters after the # in the URL, which contains the important Oauth access token. How do I get this info? It's not included in request.url

ETA: I can retrieve it in client-side javascript using window.location in Javascript, but then I'd have to pass it back to the server, which feels a little hokey but maybe Oauth2 is meant to be done that way?

Answer 1

From the RFC:

Fragment identifiers have a special role in information retrieval systems as the primary form of client-side indirect referencing [...] the fragment identifier is not used in the scheme-specific processing of a URI; instead, the fragment identifier is separated from the rest of the URI prior to a dereference

As such, flask drops everything after the '#'. If you want to forward these to the server, you'll have to extract them on the client and pass them to the server via a query parameter or part of the URL path.