Azure active directory - adal authentication - bearer token in querystring

Question

Azure active directory - adal authentication - bearer token in querystring

rasikawaykar 1

I am successfully authenticating to AngularJs ADAL-based app with Azure Active Directory using adal-angular package [https://www.npmjs.com/package/adal-angular]. As soon as I authenticate, the Token is appended to the URL in a query string.

http://localhost:4200/dashboard#id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1...

Is there a way to prevent the token from displaying in the Url?

1 answer

Your answer

Answer 1

Hi @rasikawaykar · Thank you for reaching out.

The response that you get depends on the response_mode parameter in your authentication request. To avoid getting token as query string, set response_mode to form_post

The response_mode parameter specifies the method that should be used to send the resulting token back to your app. Can be one of the following:

query : provides the token as a query string parameter on your redirect URI
fragment : provides the token as a query string parameter on your redirect URI
form_post : executes a POST containing the token to your redirect URI.

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

rasikawaykar 1 Reputation point

2021-06-03T11:29:27.513+00:00

Thank you so much for your immediate response.

Could you please tell me where I can set it as I'm using the login method directly of adal-angular package?

Share via

Azure active directory - adal authentication - bearer token in querystring

1 answer

Your answer