FastAPI RedirectResponse lost Authorization header when getting authorization code from the /authorize endpoint

I'm writing a POC with FastAPI as the backend. After I log in with Okta, the authorization code is returned in the form of: http://127.0.0.1:8000/authorization-code/callback?code=hreOS9zj6fulzaozfdqrRc2aBwUDk_GzMeLWt7lqhQw&state=YsG76jo1

So my callback URI is: http://127.0.0.1:8000/authorization-code/callback. But I wasn't able to retrieve the authorization code (hreOS9zj6fulzaozfdqrRc2aBwUDk_GzMeLWt7lqhQw&state=YsG76jo1) from the Authorization header.

Please let me know if I am mistaken and the authorization code should be somewhere else and not in the authorization header. Thank you!

from fastapi import FastAPI, Request
from fastapi.responses import RedirectResponse

# config() and create_authorize_url() are the poster's own settings/URL helpers (not shown).

app = FastAPI()


@app.get("/login")
async def log_in_with_okta():
    # Build the Okta /authorize URL and send the browser there.
    redirect_url = create_authorize_url(
        base_url=config('OKTA_ISSUER'),
        client_id=config('OKTA_CLIENT_ID'),
        response_type='code',
        scope='openid profile',
        redirect_uri='http://127.0.0.1:8000/authorization-code/callback',
        nonce='YsG76jo',
        state='YsG76jo1'
    )
    response = RedirectResponse(redirect_url)
    return response


@app.get("/authorization-code/callback")
async def sso_oidc(request: Request):
    try:
        headers = request.headers
        print(request.headers)
        if 'Authorization' in headers:
            print(headers['Authorization'])
        # ** It is not in the Authorization header
        return {"Hello": "Second Path"}
    except Exception as e:
        print(await request.form())  # request.form() is a coroutine and must be awaited
        raise e

Hi @miahuang! I see it under the query string parameters instead. Please see "OAuth2: query string vs. fragment" on Stack Overflow. You can let the authorization server know to return the query response by setting response_mode=query in your /authorize request.

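To make the answer concrete, here is an added example (not the original poster's code, and not an Okta SDK) showing where the code actually lands in an authorization-code redirect and what the callback handler should do with it. It uses only the standard library so it runs offline: it builds the /authorize URL with response_mode=query, parses the redirect the browser hits (query string first, fragment only to make a misconfigured response_mode=fragment visible in a test, since the server never receives the fragment), checks the returned state against the one stored for this login, and builds the form body for the code-for-token exchange. The callback URL below is constructed from the original post; the Okta paths /v1/authorize and /v1/token and the issuer host are assumptions.

```python
"""Added example: extracting the authorization code from an OIDC
authorization-code callback and verifying state. Not from the original
post or from Okta; endpoint paths and hosts are assumptions."""
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


class CallbackError(Exception):
    """Raised when the redirect cannot be trusted or carries no code."""


def build_authorize_url(issuer: str, client_id: str, redirect_uri: str,
                        state: str, nonce: str, response_mode: str = "query") -> str:
    """Build the /authorize URL. response_mode=query asks the authorization
    server to return code and state in the query string (what the poster's
    redirect shows); 'fragment' would put them after '#', which the browser
    never sends to the server. Assumes Okta's authorize path is {issuer}/v1/authorize."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": "openid profile",
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "response_mode": response_mode,
    }
    return f"{issuer}/v1/authorize?{urlencode(params)}"


def parse_callback(callback_url: str) -> dict:
    """Return the single-valued parameters the authorization server sent back.
    Looks in the query string; falls back to the fragment only so that a
    response_mode=fragment redirect is recognisable when testing locally."""
    parsed = urlparse(callback_url)
    raw = parse_qs(parsed.query, keep_blank_values=True)
    if "code" not in raw and "error" not in raw and parsed.fragment:
        raw = parse_qs(parsed.fragment, keep_blank_values=True)
    return {key: values[0] for key, values in raw.items()}


def handle_callback(callback_url: str, expected_state: str) -> str:
    """What /authorization-code/callback should do: reject AS errors, require
    a code, and verify state (bound to this browser's login) in constant time
    before the code is trusted. Returns the code to exchange."""
    params = parse_callback(callback_url)
    if "error" in params:
        raise CallbackError(f"authorization server returned error={params['error']}")
    code = params.get("code")
    state = params.get("state")
    if not code:
        raise CallbackError("no authorization code in the query string (check response_mode)")
    if not state or not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise CallbackError("state mismatch: possible CSRF or stale login attempt")
    return code


def token_request_form(code: str, redirect_uri: str, client_id: str) -> dict:
    """Form body for POST {issuer}/v1/token (path assumed) that trades the code
    for tokens. The code is sent in this body, never in an Authorization header;
    the client secret goes in HTTP Basic auth on this request, not shown here."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
    }


# Constructed sample input: the redirect from the original post, as the server sees it.
SAMPLE_STATE = "YsG76jo1"
SAMPLE_REDIRECT_URI = "http://127.0.0.1:8000/authorization-code/callback"
SAMPLE_CALLBACK = (SAMPLE_REDIRECT_URI
                   + "?code=hreOS9zj6fulzaozfdqrRc2aBwUDk_GzMeLWt7lqhQw&state=YsG76jo1")


if __name__ == "__main__":
    # Issuer and client id are placeholders, not real values.
    print(build_authorize_url("https://example.okta.com/oauth2/default", "client-id",
                              SAMPLE_REDIRECT_URI, SAMPLE_STATE, "YsG76jo"))
    code = handle_callback(SAMPLE_CALLBACK, SAMPLE_STATE)
    print(token_request_form(code, SAMPLE_REDIRECT_URI, "client-id"))
```

In FastAPI the same thing is a matter of declaring the parameters rather than reading headers: `async def sso_oidc(code: str, state: str)` binds them from the query string, or use `request.query_params.get("code")`. The expected state should be generated per login with `secrets.token_urlsafe()` in /login and stored in a server-side session or a signed cookie, rather than the fixed `state='YsG76jo1'` and `nonce='YsG76jo'` in the post, otherwise the state check cannot stop a forged callback.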
