Each value for
response_mode delivers different behavior:
form_postsends the token response as a form post instead of a fragment encoded redirect . In this mode, Authorization Response parameters are encoded as HTML form values that are auto-submitted in the User Agent, and thus are transmitted via the HTTP POST method to the Client, with the result parameters being encoded in the body using the application/x-www-form-urlencoded format. The action attribute of the form MUST be the Client's Redirection URI. The method of the form attribute MUST be POST.
fragment- Parameters are encoded in the URL fragment added to the
redirect_uriwhen redirecting back to the client.