From 894b4a06022f80343b2d39518f82fe999493ea92 Mon Sep 17 00:00:00 2001
From: Markus Machatschek <mmachatschek@users.noreply.github.com>
Date: Mon, 24 Jun 2019 19:08:52 +0200
Subject: [PATCH] fix(oauth2): correctly handle callback with hash (#394)

---
 lib/schemes/oauth2.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/schemes/oauth2.js b/lib/schemes/oauth2.js
index 389c5d0e0..32b601832 100644
--- a/lib/schemes/oauth2.js
+++ b/lib/schemes/oauth2.js
@@ -1,4 +1,4 @@
-import { encodeQuery } from '../utilities'
+import { encodeQuery, parseQuery } from '../utilities'
 import nanoid from 'nanoid'
 const isHttps = process.server ? require('is-https') : null
 
@@ -133,7 +133,8 @@ export default class Oauth2Scheme {
       return
     }
 
-    const parsedQuery = Object.assign({}, this.$auth.ctx.route.query, this.$auth.ctx.route.hash)
+    const hash = parseQuery(this.$auth.ctx.route.hash.substr(1))
+    const parsedQuery = Object.assign({}, this.$auth.ctx.route.query, hash)
     // accessToken/idToken
     let token = parsedQuery[this.options.token_key || 'access_token']
     // refresh token
@@ -148,7 +149,7 @@ export default class Oauth2Scheme {
 
     // -- Authorization Code Grant --
     if (this.options.response_type === 'code' && parsedQuery.code) {
-      let data = await this.$auth.request({
+      const data = await this.$auth.request({
         method: 'post',
         url: this.options.access_token_endpoint,
         baseURL: process.server ? undefined : false,