I'm trying to implement the manual Facebook login flow as described at:
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow
The step where the user signs in and authorizes the app is all good. The problem starts when Facebook redirects to my service (after success login); I can see on the browser's URL bar something like:
http://some.local.domain:8080/1/share/fb_login_redirect?#access_token=XXYYZZ&expires_in=6285
But oddly my web service "sees" only:
http://some.local.domain:8080/1/share/fb_login_redirect
I think this is caused by "#" symbol just after "?". As a result I cannot get the access_token through query string.
My web service is a Python WSGI-application. And I have tested serving it with both gunicorn and wsgiref.simple_server. I have debugged the WSGI environment dict and I found out that the partial URL is being passed (not the full one with the query params). So it seems to be a problem while the browser delivers the request info to WSGI environment. BTW, I have tested on Chrome and Firefox; and I'm using MacOS X 10.10.5 .
I would appreciate any help with this.
Thanks.
The hash part of a URL is a purely client-side construct, it never gets send to the server.
You either need to capture the access token client-side (JavaScript), or choose the response_type: code in your login dialog call.