---
id: bf0fd4cf-7d90-4159-8c09-0bc523a7eb30
type: fix
title: "OAuth callback redirect with URL fragment"
tags: [mantimon-tcg, python, oauth, security]
importance: 0.5
confidence: 0.8
created: "2026-01-28T06:19:13.200899+00:00"
updated: "2026-01-28T06:19:13.200899+00:00"
---

The Discord OAuth callback now redirects to the frontend with tokens in the URL fragment (not query params). The fragment is more secure because it is not sent to the server and is only accessible to frontend JavaScript. Also fixed the deps.py import from get_session_dependency to get_session.
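
The difference between the two redirect forms, as an added example (not the project's own code): it builds both URLs and shows what part of each reaches the server on the request line. The function names, the frontend URL and the token values are hypothetical and constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Constructed sample values, not taken from the project.
FRONTEND_CALLBACK = "https://app.example.test/auth/callback"
SAMPLE_ACCESS = "acc.ess+tok/en="
SAMPLE_REFRESH = "ref.resh+tok/en="


def build_callback_redirect(frontend_url, access_token, refresh_token,
                            in_fragment=True):
    """Return the frontend redirect URL carrying the tokens.

    in_fragment=False reproduces the older query-parameter form for comparison.
    """
    parts = urlsplit(frontend_url)
    if not parts.scheme or not parts.netloc:
        raise ValueError("frontend URL must be absolute")
    if parts.fragment:
        raise ValueError("frontend URL must not already carry a fragment")
    # urlencode percent-encodes '+', '/', '=' so the tokens survive the round trip.
    payload = urlencode({"access_token": access_token,
                         "refresh_token": refresh_token})
    if in_fragment:
        return urlunsplit(parts._replace(fragment=payload))
    query = f"{parts.query}&{payload}" if parts.query else payload
    return urlunsplit(parts._replace(query=query))


def request_target(url):
    """Path and query a browser sends on the HTTP request line.

    The fragment is never part of the request, so it cannot land in
    server or proxy access logs.
    """
    parts = urlsplit(url)
    path = parts.path or "/"
    return f"{path}?{parts.query}" if parts.query else path


def tokens_from_fragment(url):
    """Python mirror of what the frontend does with location.hash."""
    pairs = parse_qs(urlsplit(url).fragment, strict_parsing=True)
    return {name: values[0] for name, values in pairs.items()}


if __name__ == "__main__":
    for mode in (True, False):
        url = build_callback_redirect(FRONTEND_CALLBACK, SAMPLE_ACCESS,
                                      SAMPLE_REFRESH, in_fragment=mode)
        print("fragment" if mode else "query   ", "->", request_target(url))
```

The fragment still sits in the address bar and browser history until the frontend removes it, for example with `history.replaceState` after reading the tokens.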