IBM Verify

  • 1.  OpenID Redirect URL characters

    Posted Tue December 15, 2020 07:10 AM
    Edited by Joao Goncalves Tue December 15, 2020 07:24 AM
    In the OpenID Connect client definition, I am using the following URL: https://<hostname>/path/#/login as the redirect URI.
    I noticed that the # sign is a problem when I use the authorize endpoint. It returns invalid URI.
    The error is FBTOAU210E: The redirect URI provided in the request: [...] is either invalid, or does not meet matching criteria against the registered redirection URI.

    If I remove the hash sign, everything works fine!

    Is it possible to fix this problem? How?

    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    Sintra
    +351 91 721 4994
    ------------------------------


  • 2.  RE: OpenID Redirect URL characters

    Posted Wed December 16, 2020 03:12 AM
    Hi Joao,

    That is probably because the # sign is never supposed to be sent by a browser. Everything behind the # can be accessed by JavaScript (window.location.hash), but is not supposed to be sent to the servers. It is for example used in the OAuth implicit flow. It is a method to send confidential information to a client in a redirect (302), which will not appear in access logs because the browser will remove it before making the redirect.
    So I suppose the ISVA runtime considers this character not valid for a URL.

    ------------------------------
    Laurent LA Asselborn
    ------------------------------



  • 3.  RE: OpenID Redirect URL characters

    Posted Wed December 16, 2020 04:43 AM

    Hi Joao,

    please have a look at: https://tools.ietf.org/html/rfc6749#section-3.1.2

    You will find there the statement:

    "The endpoint URI MUST NOT include a fragment component."

    Kind regards,
    Frank



    ------------------------------
    Frank Thurau
    ------------------------------



  • 4.  RE: OpenID Redirect URL characters

    Posted Wed December 16, 2020 05:28 AM
    Thanks a lot. It really helped!

    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    Sintra
    +351 91 721 4994
    ------------------------------



  • 5.  RE: OpenID Redirect URL characters

    Posted Wed December 16, 2020 09:58 AM
    URL fragments (#) are not allowed in OAuth/OpenID Connect redirect URL. https://tools.ietf.org/html/rfc6749#section-3.1.2

    The redirection endpoint URI MUST be an absolute URI as defined by [RFC3986] Section 4.3. The endpoint URI MAY include an "application/x-www-form-urlencoded" formatted (per Appendix B) query component ([RFC3986] Section 3.4), which MUST be retained when adding additional query parameters. The endpoint URI MUST NOT include a fragment component.

    ------------------------------
    WeiDe Victor Soon
    ------------------------------
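The rules quoted from RFC 6749 section 3.1.2 in the replies above, as an added example that is not part of this thread and not IBM Verify or ISVA code: a small redirect-URI checker that rejects a registration containing a fragment (the `#/login` case from the original question), requires an absolute URI, does the simple string comparison an authorization server performs against the registered value, and keeps an existing query component when appending the `code` and `state` parameters. The hostname `app.example.com` is a constructed stand-in for the `<hostname>` placeholder in the question.

```python
"""Redirect-URI checks modelled on RFC 6749 section 3.1.2.

Added example, not IBM Verify / ISVA code. Shows why a registered
redirect URI such as https://<hostname>/path/#/login is rejected: the
RFC forbids a fragment component, requires an absolute URI, and says an
existing query component must be kept when parameters are appended.
"""
from typing import Sequence
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


class RedirectUriError(ValueError):
    """Raised when a redirect URI violates RFC 6749 section 3.1.2."""


def validate_redirect_uri(uri: str) -> str:
    """Return the URI unchanged if it is acceptable for registration.

    Rules enforced:
      * absolute URI: scheme and host present (RFC 3986 section 4.3)
      * no fragment component ('#' delimits the fragment and may not
        appear unencoded anywhere else in a URI, so its presence alone
        means a fragment component exists, even an empty one)
    A query component is permitted.
    """
    parts = urlsplit(uri)
    if not parts.scheme or not parts.netloc:
        raise RedirectUriError(f"redirect URI must be absolute: {uri!r}")
    if "#" in uri:
        raise RedirectUriError(f"redirect URI must not include a fragment: {uri!r}")
    return uri


def is_valid_redirect_uri(uri: str) -> bool:
    """Boolean convenience wrapper around validate_redirect_uri."""
    try:
        validate_redirect_uri(uri)
        return True
    except RedirectUriError:
        return False


def matches_registered(requested: str, registered: Sequence[str]) -> bool:
    """Simple string comparison of the redirect_uri request parameter
    against the registered URI(s), as an authorization server does.
    A value differing only by a fragment therefore does not match."""
    return requested in registered


def build_redirect(registered_uri: str, **params: str) -> str:
    """Append authorization-response parameters (code, state, ...) to the
    registered URI, retaining any query component it already carries
    instead of replacing it, and emitting no fragment."""
    parts = urlsplit(validate_redirect_uri(registered_uri))
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.extend(params.items())
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))


if __name__ == "__main__":
    # Constructed sample values; app.example.com stands in for <hostname>.
    registered = ["https://app.example.com/path/?client=web"]
    for candidate in (
        "https://app.example.com/path/#/login",   # the URI from the question
        "https://app.example.com/path/",          # same URI without the fragment
        "/path/",                                  # not absolute
    ):
        try:
            validate_redirect_uri(candidate)
            print(f"accepted: {candidate}")
        except RedirectUriError as exc:
            print(f"rejected: {exc}")
    print(build_redirect(registered[0], code="constructed-code", state="constructed-state"))
```

For a single-page application that routes on the fragment, the practical consequence is to register the URI without the `#/login` part and let the client-side router restore its own route after the authorization response arrives, since nothing after `#` is ever transmitted to the server or used in the match.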