Remove AuthSub token from URL after redirect

986 views Asked by At

When using AuthSub authentication, after the user logs into a Google service they are redirected back to the original page with a authentication token in the URL:

http://www.example.com/?token=XXXXXXXXXXXXXXXXXXX

Is it possible to remove this token when the page is redirected?

Additionally, why isn't the success callback function being executed when the making this GET request (to the AuthSub page) with Jquery's $.get function?

1

There are 1 answers

0
Markus Hedlund On

Yes it is possible to remove the token. Just redirect the page after you've saved the token.

if (isset($_GET['token'])) {
    saveToken($_GET['token']);
    header('Location: /?displaySuccess=1');
    exit;
}

You need to redirect the client browser to the AuthSub page, because they need to sign in with their Google Account. Using an Ajax request won't work.