Auth providers like Facebook and Google tend to add garbage fragments onto OAuth 2.0 redirect URIs to stop malicious fragments being maintained through the flow. This change ensures that those fragments aren't mistakenly used to attempt to complete login. If the fragment contains a code, token or error, it is assumed to be the correct place to find data provided by the auth provider.bubble