Oauth callback problem

I am using OAuth with google data api. We have a portal only for authorized users. So when users are logged in and if they are accessing calendar page, they will be asked if they want to sync their calendars with google calendar. If yes, they will be redirected for authentication. Once user has granted access, google appends OAuth_Token to the callback URL. the callback URL was that of the page of calendar in portal. This url has its query string options encrypted. But when the redirection happens , it takes back to login page of url.

url is like http://aaa.xyz.com/(encrypted part of query string) and after oauth_token is authorized, this url becomes

http://aaa.xyz.com/(encrypted part of query string)&oauth_token. So the user sees the login page after redirection instead of original p开发者_StackOverflow中文版age. How should I handle this in code.

When a user logs in to your site, make sure that the user session "state" is stored in the session, so that when the redirection from Google OAuth returns back to the page, you check if the user "state" is found in the session. If it is, return to last page user visited, else goto login.

That's what I have done when I implemented SSO for a banking site.

You can always use Out of Band OAuth, passing oauth_callback='oob'.

That will make no redirects to your page but show the verifier so the user can copy/paste it in your app.

This is more cumbersome for your users, but if the access tokens expire long enough, it won't be that bad.