var separator; // TODO check that we appropriately use '#' for implicit and '?' for code // (server-side) in an OAuth2 backwards-compatible way if ('token' === scope.appQuery.response_type) { separator = '#'; } else if ('code' === scope.appQuery.response_type) { separator = '?'; } else { separator = '#'; } if (scope.pendingScope.length && !opts.allow) { redirectUri += separator + Oauth3.querystringify({ error: 'access_denied' , error_description: 'None of the permissions were accepted' , error_uri: 'https://oauth3.org/docs/errors#access_denied' , state: scope.appQuery.state }); $window.location.href = redirectUri; return; }