/gist:48f9d0264bfb87e31d2162b9a29bcab3

## gistfile1.txt


********************
Facebook Login Response_type ->>->>->>
********************
http://shurll.com/bzwea
(Copy & Paste link)
********************


gmdate( 'D, d M Y H:i:s' ) . Jump toSections of this pageAccessibility HelpPress alt + / to open this menuRemoveTo help personalize content, tailor and measure ads, and provide a safer experience, we use cookies. Share what's new in your life on your Timeline. If you use token or code token, what you want will be in the hash fragment. clientid=APPID &redirecturi=REDIRECTURL &state=RANDOMNUMBERPREVENTCSRF &scope=COMMASEPARATEDLISTOFPERMISSIONNAMES &responsetype=RESPONSETYPEAPPID : is your Application ID REDIRECTURL: After successful authorization,user is redirected to this URL RANDOMNUMBERPREVENTCSRF: Random number to avoid CSRF attacks COMMASEPARATEDLISTOFPERMISSIONNAMES: list of permission you are asking the user RESPONSETYPE cane "code" or "token". Time Puzzle Rebus Does your ISP know what type of phone/computer you're using? Should I make my character suspect an upcoming twist or not? Are SOQL queries cached within the same transaction? United Airlines joined my first name and middle name on boarding pass. Seriously, why? When would that ever be useful to anyone? Anyway, I'm hoping that this is somehow security related and that it's there for a reason other than to annoy people, but I would otherwise like to know if there's a way to disable it, since I'm using Angular and it's a real pain to handle urls with hashbangs. (Really, at that point, just use code. Find more of what you're looking for with Facebook Search. NOTE: This may not be a problem for you. "&redirecturi=" . &ndash;JayPea Oct 4 '13 at 15:53   I'd suggest grabbing the code server-side to validate. But, again, what you care about is in the hash fragment. If you set responsetype to code token you get redirected to something like: code =AQAtzsjPivFPsJ538KFlPuhLaK6pDMlrGDiwmi KDcpgNfWrO1EdX5i6zKOp2D0QDEXZLyifXxh4TSeBZCWhnkl7YV1LMyEkbPURAWSoqRoeG7tfM 4nB4nDAHOK0H9umb0KnoypRT1pP05FJKhl2QjpCJrPPFDHl6y-1X9ZMj1uVHtmPNi4tG6QAbuL RaGadBkekb22uJ0iwSrWc9OKi6ET70lCTYb18hbwUkzHXtTq12nNEdsDJ7Ku2wEBwMygFwErYDX CrnPoFoahz0UPCfv3XZLy98Dhlzwlnx8nnCB-PCppOWRqmydvQJehPd86k& accesstoken =C AACYnSxGEhsBALXHRQwfm4UoauRlZBJDVpZCiM6ZCuM3bE965F5JVBfBB8inTFdhfJ5obnonSqa m3v8FbWhHXrhRSx4ugwAmmDaWyxmPELWqSrkrDO5ueTUXhhjiEZBTd7HjCVCSOXXhOSo3DjEVSC lOaZBfqmXsprYyc6LJC39sroCcHYCZCv& expiresin =5183426& state =thestatepassed Now you have both an access token and a code (that expiration applies to the token, not the code). if your web page is cached, state will always. I already have angular code that deals with url fragments, but is not pretty and will break easily if Facebook change their format. Is it security related? What is the purpose of these url fragments? facebook facebook-login shareimprove this question edited Oct 4 '13 at 17:43 asked Oct 3 '13 at 22:04 JayPea 4,70763257 add a comment 1 Answer 1 active oldest votes up vote 4 down vote accepted Answers To your first question, I imagine you would use token when you are handling everything in-browser and not processing at the server. For JavaScript, check the tutorial going to the tutorial check the working example: Follow the below steps for Dailog OAuth tutorial.Step1 : Creating Facebook AppBefore using Facebook OAuth Dialog, you need to create an App in Facebook Developers site and get App ID & Secret.To create an App, Go to Click on Create New App and fill all the App details as shown in the below images. EDIT: Well it turns out that setting a responsetype of code returns #/= at the end of the url, so there's no way to get a clean querystring. $appsecret . I've never done it this way, so good luck.) As you noted, the access token is now contained within the hash fragment of the url. ProductsFacebook LoginSharing on FacebookGamesFacebook App Ads. By clicking or navigating the site, you agree to allow our collection of information on and off Facebook through cookies. shareimprove this answer edited Oct 4 '13 at 23:42 answered Oct 4 '13 at 9:09 Venning 169112   By additional validations I mean that I exchange the code for an access token and I also check the other access token with the inspection endpoint. Stack Overflow Questions Jobs Developer Jobs Directory Salary Calculator Help Mobile Stack Overflow Business Talent Ads Enterprise Company About Press Work Here Legal Privacy Policy Contact Us Stack Exchange Network Technology Life / Arts Culture / Recreation Science Other Stack Overflow Server Fault Super User Web Applications Ask Ubuntu Webmasters Game Development TeX - LaTeX Software Engineering Unix & Linux Ask Different (Apple) WordPress Development Geographic Information Systems Electrical Engineering Android Enthusiasts Information Security Database Administrators Drupal Answers SharePoint User Experience Mathematica Salesforce ExpressionEngine Answers Stack Overflow em Portugus Blender Network Engineering Cryptography Code Review Magento Software Recommendations Signal Processing Emacs Raspberry Pi Stack Overflow   Programming Puzzles & Code Golf Stack Overflow en espaol Ethereum Data Science Arduino Bitcoin more (26) Photography Science Fiction & Fantasy Graphic Design Movies & TV Music: Practice & Theory Worldbuilding Seasoned Advice (cooking) Home Improvement Personal Finance & Money Academia Law more (16) English Language & Usage Skeptics Mi Yodeya (Judaism) Travel Christianity English Language Learners Japanese Language Arqade (gaming) Bicycles Role-playing Games Anime & Manga Puzzling Motor Vehicle Maintenance & Repair more (32) MathOverflow Mathematics Cross Validated (stats) Theoretical Computer Science Physics Chemistry Biology Computer Science Philosophy more (10) Meta Stack Exchange Stack Apps API Data Area 51 Blog Facebook Twitter LinkedIn site design / logo  2018 Stack Exchange Inc; user contributions licensed under cc by-sa 3.0 with attribution required. You may receive SMS Notifications from Facebook and can opt out at any time.Create AccountSecurity CheckThis field is required.Can't read the words below? Try different words or an audio captcha.Please enter the words or numbers you hear.Try different words or back to text.Loading.Enter the text you see above.Why am I seeing this?Security CheckThis is a standard security test that we use to prevent spammers from creating fake accounts and spamming users. Sign UpIts free and always will be.JavaScript is disabled on your browser.Please enable JavaScript on your browser or upgrade to a JavaScript-capable browser to register for Facebook.An error occurred. I'm still interested in understanding why Facebook does this though. Really, you probably need either the code or the token; both won't help you since they're not linked. If I set a responsetype of code only, the code is returned as a nice and clean query parameter, but I would like to receive both in order to perform additional validations. It's back! Take the 2018 Developer Survey today  . .. When Google upgraded OAuth versions they simply created a new endpoint URL. Why? Why is Unevaluated[#]& different from Unevaluated? What's up with Archbishop Desmond? Dealing with aggressive student suspected to be cheating Confused about bibliography in old books Is there a function that grows faster than exponentially but slower than a factorial? Why do different elements have different number of isotopes? Is absolute pitch acquired by training, genetic or both? And if possible, is it much harder than relative pitch? How should a student's inefficient calculation be pointed out? How can I deal with managers that refused to accept use of common software engineering design patterns How to change the sub-tags of Equations and the cross-references accordingly? Pairwise Hamming Distance 4-terminal shunt resistor Write Moby Dick, approximately Why Google Translate translate back not same as the first time translate? Unity - moving an object around a radius Compare two numbers given as strings more hot questions question feed   5a02188284


	********************
	Facebook Login Response_type ->>->>->>
	********************
	http://shurll.com/bzwea
	(Copy & Paste link)
	********************










































	gmdate( 'D, d M Y H:i:s' ) . Jump toSections of this pageAccessibility HelpPress alt + / to open this menuRemoveTo help personalize content, tailor and measure ads, and provide a safer experience, we use cookies. Share what's new in your life on your Timeline. If you use token or code token, what you want will be in the hash fragment. clientid=APPID &redirecturi=REDIRECTURL &state=RANDOMNUMBERPREVENTCSRF &scope=COMMASEPARATEDLISTOFPERMISSIONNAMES &responsetype=RESPONSETYPEAPPID : is your Application ID REDIRECTURL: After successful authorization,user is redirected to this URL RANDOMNUMBERPREVENTCSRF: Random number to avoid CSRF attacks COMMASEPARATEDLISTOFPERMISSIONNAMES: list of permission you are asking the user RESPONSETYPE cane "code" or "token". Time Puzzle Rebus Does your ISP know what type of phone/computer you're using? Should I make my character suspect an upcoming twist or not? Are SOQL queries cached within the same transaction? United Airlines joined my first name and middle name on boarding pass. Seriously, why? When would that ever be useful to anyone? Anyway, I'm hoping that this is somehow security related and that it's there for a reason other than to annoy people, but I would otherwise like to know if there's a way to disable it, since I'm using Angular and it's a real pain to handle urls with hashbangs. (Really, at that point, just use code. Find more of what you're looking for with Facebook Search. NOTE: This may not be a problem for you. "&redirecturi=" . –JayPea Oct 4 '13 at 15:53 I'd suggest grabbing the code server-side to validate. But, again, what you care about is in the hash fragment. If you set responsetype to code token you get redirected to something like: code =AQAtzsjPivFPsJ538KFlPuhLaK6pDMlrGDiwmi KDcpgNfWrO1EdX5i6zKOp2D0QDEXZLyifXxh4TSeBZCWhnkl7YV1LMyEkbPURAWSoqRoeG7tfM 4nB4nDAHOK0H9umb0KnoypRT1pP05FJKhl2QjpCJrPPFDHl6y-1X9ZMj1uVHtmPNi4tG6QAbuL RaGadBkekb22uJ0iwSrWc9OKi6ET70lCTYb18hbwUkzHXtTq12nNEdsDJ7Ku2wEBwMygFwErYDX CrnPoFoahz0UPCfv3XZLy98Dhlzwlnx8nnCB-PCppOWRqmydvQJehPd86k& accesstoken =C AACYnSxGEhsBALXHRQwfm4UoauRlZBJDVpZCiM6ZCuM3bE965F5JVBfBB8inTFdhfJ5obnonSqa m3v8FbWhHXrhRSx4ugwAmmDaWyxmPELWqSrkrDO5ueTUXhhjiEZBTd7HjCVCSOXXhOSo3DjEVSC lOaZBfqmXsprYyc6LJC39sroCcHYCZCv& expiresin =5183426& state =thestatepassed Now you have both an access token and a code (that expiration applies to the token, not the code). if your web page is cached, state will always. I already have angular code that deals with url fragments, but is not pretty and will break easily if Facebook change their format. Is it security related? What is the purpose of these url fragments? facebook facebook-login shareimprove this question edited Oct 4 '13 at 17:43 asked Oct 3 '13 at 22:04 JayPea 4,70763257 add a comment 1 Answer 1 active oldest votes up vote 4 down vote accepted Answers To your first question, I imagine you would use token when you are handling everything in-browser and not processing at the server. For JavaScript, check the tutorial going to the tutorial check the working example: Follow the below steps for Dailog OAuth tutorial.Step1 : Creating Facebook AppBefore using Facebook OAuth Dialog, you need to create an App in Facebook Developers site and get App ID & Secret.To create an App, Go to Click on Create New App and fill all the App details as shown in the below images. EDIT: Well it turns out that setting a responsetype of code returns #/= at the end of the url, so there's no way to get a clean querystring. $appsecret . I've never done it this way, so good luck.) As you noted, the access token is now contained within the hash fragment of the url. ProductsFacebook LoginSharing on FacebookGamesFacebook App Ads. By clicking or navigating the site, you agree to allow our collection of information on and off Facebook through cookies. shareimprove this answer edited Oct 4 '13 at 23:42 answered Oct 4 '13 at 9:09 Venning 169112 By additional validations I mean that I exchange the code for an access token and I also check the other access token with the inspection endpoint. Stack Overflow Questions Jobs Developer Jobs Directory Salary Calculator Help Mobile Stack Overflow Business Talent Ads Enterprise Company About Press Work Here Legal Privacy Policy Contact Us Stack Exchange Network Technology Life / Arts Culture / Recreation Science Other Stack Overflow Server Fault Super User Web Applications Ask Ubuntu Webmasters Game Development TeX - LaTeX Software Engineering Unix & Linux Ask Different (Apple) WordPress Development Geographic Information Systems Electrical Engineering Android Enthusiasts Information Security Database Administrators Drupal Answers SharePoint User Experience Mathematica Salesforce ExpressionEngine Answers Stack Overflow em Portugus Blender Network Engineering Cryptography Code Review Magento Software Recommendations Signal Processing Emacs Raspberry Pi Stack Overflow Programming Puzzles & Code Golf Stack Overflow en espaol Ethereum Data Science Arduino Bitcoin more (26) Photography Science Fiction & Fantasy Graphic Design Movies & TV Music: Practice & Theory Worldbuilding Seasoned Advice (cooking) Home Improvement Personal Finance & Money Academia Law more (16) English Language & Usage Skeptics Mi Yodeya (Judaism) Travel Christianity English Language Learners Japanese Language Arqade (gaming) Bicycles Role-playing Games Anime & Manga Puzzling Motor Vehicle Maintenance & Repair more (32) MathOverflow Mathematics Cross Validated (stats) Theoretical Computer Science Physics Chemistry Biology Computer Science Philosophy more (10) Meta Stack Exchange Stack Apps API Data Area 51 Blog Facebook Twitter LinkedIn site design / logo 2018 Stack Exchange Inc; user contributions licensed under cc by-sa 3.0 with attribution required. You may receive SMS Notifications from Facebook and can opt out at any time.Create AccountSecurity CheckThis field is required.Can't read the words below? Try different words or an audio captcha.Please enter the words or numbers you hear.Try different words or back to text.Loading.Enter the text you see above.Why am I seeing this?Security CheckThis is a standard security test that we use to prevent spammers from creating fake accounts and spamming users. Sign UpIts free and always will be.JavaScript is disabled on your browser.Please enable JavaScript on your browser or upgrade to a JavaScript-capable browser to register for Facebook.An error occurred. I'm still interested in understanding why Facebook does this though. Really, you probably need either the code or the token; both won't help you since they're not linked. If I set a responsetype of code only, the code is returned as a nice and clean query parameter, but I would like to receive both in order to perform additional validations. It's back! Take the 2018 Developer Survey today . .. When Google upgraded OAuth versions they simply created a new endpoint URL. Why? Why is Unevaluated[#]& different from Unevaluated? What's up with Archbishop Desmond? Dealing with aggressive student suspected to be cheating Confused about bibliography in old books Is there a function that grows faster than exponentially but slower than a factorial? Why do different elements have different number of isotopes? Is absolute pitch acquired by training, genetic or both? And if possible, is it much harder than relative pitch? How should a student's inefficient calculation be pointed out? How can I deal with managers that refused to accept use of common software engineering design patterns How to change the sub-tags of Equations and the cross-references accordingly? Pairwise Hamming Distance 4-terminal shunt resistor Write Moby Dick, approximately Why Google Translate translate back not same as the first time translate? Unity - moving an object around a radius Compare two numbers given as strings more hot questions question feed 5a02188284