I am trying to do a Silent Authorization GET request and am receiving the access token in my redirect URI with a # instead of the conventional ? query string parameter.
When I look at the documentation this seems to be intentional by Auth0. Why is it intentionally deviating from querystring conventions by not using ? instead of #?
https://login-test.mywebsite.com/authorize?response_type=token&prompt=none&audience=api.tst-mywebsite-app.com&client_id=9acc912792e7490e85af808db6f56b5&redirect_uri=https://my-test.mywebsite.com/IdP/ParsePermissions.aspx
For example the above GET request will respond with the following redirect
https://my-test.mywebsite.com/IdP/ParsePermissions.aspx#access_token={some_jwt_response}&expires_in=3600&token_type=Bearer
But why not return it as a query parameter? I cannot wrap my head around the reason to send it with a #
https://my-test.mywebsite.com/IdP/ParsePermissions.aspx?access_token={some_jwt_response}&expires_in=3600&token_type=Bearer