According to RFC 6749 on error response of the implicit grant, the authorization server should add parameters to the fragment component of the redirection URI.
It's already done for access token response on this line, But not for error response. this PR fixes this issue.
PS: This PR also adds $queryDelimiter property to OAuthServerException class to be used on generateHttpResponse() function. The reason behind this is we know if we should use fragment or not when initiating/throwing the exception but not when generating response.
According to RFC 6749 on error response of the implicit grant, the authorization server should add parameters to the fragment component of the redirection URI.
It's already done for access token response on this line, But not for error response. this PR fixes this issue.
PS: This PR also adds
$queryDelimiter
property toOAuthServerException
class to be used ongenerateHttpResponse()
function. The reason behind this is we know if we should use fragment or not when initiating/throwing the exception but not when generating response.