How to handle the error : The redirect URIs must not contain a fragment identifier.
Remove everything after the
# and you should be good to go.
Removing the # works.
My main requirement is to land the user directly on pinboards page (part after the #) though.
What you are doing is unclear.
Anything after the fragment represented as
# will not be retrievable by the server. It looks like you are trying to do an authorization code flow (server-side flow) so you would never be able to read the authorization code.
Can you go into a little more information into what you are building (frontend / backend) are you trying to get an access token into your SPA to call an API? Or are you trying to create a server-side session for the application as a whole?
I have a similar situation. My SPA grabs the code query parameter and passes it to my backend to handle user account creation, get refresh tokens etc. I’m currently using a fragment identifier with the Salesforce oauth redirect flow and its working fine. Why do you prevent fragments for callbacks?
Salesforce returns something that looks like: