From 13cf3f8540191552d6005e7000bba6858e5ea2f7 Mon Sep 17 00:00:00 2001 From: Bob Mulder Date: Thu, 19 May 2016 14:22:36 +0200 Subject: [PATCH] Make urldecode clear Mentioned the method to make it more clear and give it more attention. We should prevent issues like #582 ;) --- auth-server-auth-code.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/auth-server-auth-code.md b/auth-server-auth-code.md index 6226d6ff..fcd869d2 100755 --- a/auth-server-auth-code.md +++ b/auth-server-auth-code.md @@ -37,7 +37,9 @@ The client will now send a POST request to the authorization server with the fol * `client_id` with the client identifier * `client_secret` with the client secret * `redirect_uri` with the same redirect URI the user was redirect back to -* `code` with the authorization code from the query string **(remember to url decode it first)** +* `code` with the authorization code from the query string + +Note that you need to decode the `code` query string first. You can do that with `urldecode($code)`. The authorization server will respond with a JSON object containing the following properties: