form_post sends the token response as a form post instead of a fragment encoded redirect  

 In this mode, Authorization Response parameters are encoded as HTML form values that are auto-submitted in the User Agent, and thus are transmitted via the HTTP POST method to the Client, with the result parameters being encoded in the body using the application/x-www-form-urlencoded format. The action attribute of the form MUST be the Client's Redirection URI. The method of the form attribute MUST be POST

After authentication and approval by the End-User, the Authorization Server issues the Authorization Response which results in an HTTP POST to the Client: