fix OAuth20Service::extractAuthorization when redirectLocation contains '#' part

kullfar · kullfar · commit bdb25f30d708 · 2017-01-12T17:08:04.000+03:00
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/oauth/OAuth20Service.java b/scribejava-core/src/main/java/com/github/scribejava/core/oauth/OAuth20Service.java
@@ -215,7 +215,11 @@ public DefaultApi20 getApi() {
 
     public OAuth2Authorization extractAuthorization(String redirectLocation) {
         final OAuth2Authorization authorization = new OAuth2Authorization();
-        for (String param : redirectLocation.substring(redirectLocation.indexOf('?') + 1).split("&")) {
+        int end = redirectLocation.indexOf('#');
+        if (end == -1) {
+            end = redirectLocation.length();
+        }
+        for (String param : redirectLocation.substring(redirectLocation.indexOf('?') + 1, end).split("&")) {
             final String[] keyValue = param.split("=");
             if (keyValue.length == 2) {
                 switch (keyValue[0]) {
