I am playing with the client credentials grant flow described here: https://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365

Here is my initial authorization request: https://login.microsoftonline.com/common/oauth2/authorize?nonce=c43a377e-8b75-4c7f-9fab-300f1dbc76c5&prompt=admin_consent&state=35&redirect_uri=http%3A%2F%2Flocalhost%3A6543%2Fcallback%2Foffice365&response_type=code+id_token&client_id=XXXX&scope=openid

According to the documentation I expect to receive a POST callback with a token in the body. But I actually receive a GET callback like this: http://localhost:6543/callback/office365#code=XXXXX&id_token=XXXXX&state=35&session_state=3a2e2c61-7e71-4f11-a9a6-f1dd8f50aeb6&admin_consent=True

I actually prefer GET over POST, but there is a hash sign # instead of a question mark ? in the URL, so the parameters are actually not GET arguments.

Is there anything I can do to receive a valid callback?

1 Answer

By spec, OAuth2 supports different response modes. Adding response_mode=query solves the problem. This means the MS authorization endpoint uses response_mode=fragment by default, which is not explicitly described in the documentation.
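An added example (not code from the question, the answer, or Microsoft) that shows the mechanism behind the answer: the OAuth 2.0 Multiple Response Type Encoding Practices spec makes fragment the default encoding for any response_type containing id_token, and a browser never sends the fragment to the server, so a server-side handler sees an empty query string unless response_mode=query is requested. It builds the authorize URL from the question with and without response_mode, parses constructed callback URLs the way a server would see them, and checks state before accepting the code; client_id XXXX, the nonce and the token values are placeholders.

```python
# Added example: response_mode and what a server-side callback handler can see.
from urllib.parse import urlencode, urlsplit, parse_qs
import secrets

AUTHORIZE = "https://login.microsoftonline.com/common/oauth2/authorize"

def build_authorize_url(client_id, redirect_uri, state, nonce, response_mode=None):
    """Build the admin-consent request from the question.
    response_mode=None reproduces the original request; since response_type
    contains id_token, the endpoint then defaults to the fragment encoding.
    response_mode="query" is the fix from the answer."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code id_token",
        "scope": "openid",
        "prompt": "admin_consent",
        "state": state,
        "nonce": nonce,
    }
    if response_mode:
        params["response_mode"] = response_mode
    return AUTHORIZE + "?" + urlencode(params)

def server_visible_params(callback_url):
    """What the server receives: browsers send path and query only,
    never the fragment (#...), so fragment-encoded responses are invisible here."""
    parts = urlsplit(callback_url)
    return {k: v[0] for k, v in parse_qs(parts.query).items()}

def handle_callback(callback_url, expected_state):
    """Accept the callback only if a code arrived and state matches (CSRF check)."""
    params = server_visible_params(callback_url)
    if "code" not in params:
        raise ValueError("no authorization code reached the server "
                         "(response was probably delivered in the URL fragment)")
    if not secrets.compare_digest(params.get("state", ""), expected_state):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    return params["code"]

# Constructed sample callbacks; CODE and IDT are placeholders, not real tokens.
FRAGMENT_CALLBACK = "http://localhost:6543/callback/office365#code=CODE&id_token=IDT&state=35&admin_consent=True"
QUERY_CALLBACK = "http://localhost:6543/callback/office365?code=CODE&id_token=IDT&state=35&admin_consent=True"

if __name__ == "__main__":
    print(build_authorize_url("XXXX", "http://localhost:6543/callback/office365", "35", "n1", "query"))
    print(server_visible_params(FRAGMENT_CALLBACK))  # {}
    print(handle_callback(QUERY_CALLBACK, "35"))      # CODE
```

With response_mode=query the id_token travels in the query string, so it will show up in web server, proxy and browser-history logs; treat those logs accordingly.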