It seems this is handled in the Mojolicious Plugin but this module doesn't concern itself with it, that seems to be wrong if this module is to be a generic solution. Should probably move the response_type handling/checking from the Mojolicious Plugin module down into this module to simplify the Mojolicious Plugin and make this module more complete.
According to the RFC this is a requirement in the Implicit and Auth Code grant flows: https://tools.ietf.org/html/rfc6749#section-3.1.1
It seems this is handled in the Mojolicious Plugin but this module doesn't concern itself with it, that seems to be wrong if this module is to be a generic solution. Should probably move the response_type handling/checking from the Mojolicious Plugin module down into this module to simplify the Mojolicious Plugin and make this module more complete.