PHP code cannot see query string param on return in Facebook oAuth flow

Question

I am doing some integration with Facebook Open Graph using their oAuth flow and having issues with parsing query string parameters they return.

On my callback URL, they pass back an "access_token" parameter with a hash (#). so the callback would be:

http://mydomain.com/callback.php#access_token=foobar123

where foobar123 is my access token I'm trying to parse out.

However, no matter what I do, my PHP code cannot see if and I've done every debug trick I know (even using phpinfo() to go through everything). The URL is stated only as http://mydomain.com/callback.php. It's as if the rest of the URL isn't really there!

This code returns nothing:

$token = $_REQUEST['access_token'];

Any help would be greatly appreciated... I'm obviously missing something simple.

Answer 1

Everything after # character is available only on the client side. You can try use javascript to access this value and store it in cookie or redirect user to the different URL. Some mock-up:

<script type="text/javascript">
var token = 'foo'; // In real, get value by parsing URL
window.location ('http://mydomain.com/callback.php?token=' + token);
</script>

Answer 2

The url fragment (the part after #) is never passed to the server and so the PHP script would never see it. The way you can handle it is using javascript on callback page which would take the url's hash part and post it to another page as query string parameter.

callback1.php

<script type="text/javascript">
   var h = window.location.hash;
   window.location = 'http://example.com/callback2.php?'+h;
</script>

callback2.php

<?php
    $access = $_GET['access_token'];
?>

Although I'd suggest you have a look at Facebook Javascript and PHP SDK for what you're trying to do. All the basic oAuth functionality is already built in there.