I'm using ExpressJS and Supabase Auth to create a Sign In with Google Button. So, after a user click on a button, it will be redirect to the route "/login/google" and their, will be redirect to Google Accounts Forms to select the account the user prefer and then, redirect back to "/login/google/callback" where i will need to get the access_token and refresh_token from url to setSession.
The problem is the return URL contains a "#" instead of "?" so its impossible to i get the params from server side.
Returned URL Example: http://localhost:3000/login/google/callback#access_token=XXX&expires_at=XXX&expires_in=XXX&provider_token=XXX&refresh_token=XXX&token_type=bearer
URL that appears on "Select Account" from Google:
https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?client_id=XXX&redirect_to=http%3A%2F%2Flocalhost%3A3000%2Flogin%2Fgoogle%2Fcallback&redirect_uri=<SUPABASE_URL_WITH_PROJECT_ID>&response_type=code&scope=email%20profile&state=XXX&service=lso&o2v=2&theme=glif&flowName=GeneralOAuthFlow
My Code:
app.get('/login/google', async (req, res) => {
const { data, error } = await supabase.auth.signInWithOAuth({
provider: 'google',
options: {
redirectTo: 'http://localhost:3000/login/google/callback',
scope: ' profile email',
},
});
res.redirect(data.url);
});
I've already checked lots of posts with the problem that im having but the solution was to change the response_type to code instead of token, but mine is already code.