When using auth_code grant, code redirects with query params, token with hash

[facultymatt]

When you request an auth_code grant, there is a difference in the redirect between code and token.

Code: https://github.com/jaredhanson/oauth2orize/blob/master/lib/grant/code.js#L138

Token: https://github.com/jaredhanson/oauth2orize/blob/master/lib/grant/token.js#L145

What is the reasoning for this difference?

[paroga]

Check the sections about Authorization Code Grant and Implicit Grant in RFC6749 for more information.