AuthorizationResponse does not support Implicit flow for RESPONSE_TYPE_TOKEN

[SeanLMcCullough]

Expected Behavior

When using response_type: AuthorizationRequest.RESPONSE_TYPE_TOKEN for implicit flow, the authorization notifier should be invoked with complete response containing the tokens, not just the cherry-picked code and state which are relevant only to authorization code flow.

Describe the problem

The current behaviour assumes that the response payload is for AuthorizationRequest.RESPONSE_TYPE_CODE, and only returns the properties expected for an authorization code flow. When using implicit flow and a successful authorization occurs, the tokens are not sent to the authorization notifier.

AuthorizationResponse also lacks the required properties and appears to only support RESPONSE_TYPE_CODE, despite the requests support for RESPONSE_TYPE_TOKEN.

RESPONSE_TYPE_TOKEN is effectively ignored, despite this being an option and configurable value in AuthorizationRequest.

[REQUIRED] Steps to reproduce the behavior

Following the same code example as the example in the README with the following differences.

1. Perform an implicit authorization flow with response_type: AuthorizationRequest.RESPONSE_TYPE_TOKEN
2. Observe the response in the authorization notifier that the tokens are not included in AuthorizationResponse

[REQUIRED] Environment

• AppAuth-JS version: 1.3.1
• AppAuth-JS Environment (Node, Browser (UserAgent), ...): Google Chrome, Vue.JS PWA
• Source code snippts (inline or JSBin)

this.authorizationRequest = new AuthorizationRequest({
  client_id: '~~redacted~~',
  redirect_uri: '~~redacted~~',
  scope: 'openid profile email phone',
  response_type: AuthorizationRequest.RESPONSE_TYPE_TOKEN,
  state: undefined,
  extras: {}
})