As Barry said, with the implicit flow that is intentional and because of the nature of that has drawbacks and limitations, such as no ability to refresh the token (meaning you have to get the user to go through the auth process each time the token expires), and a shorter expiration.
If you use the Authorization Code flow, rather than getting redirected and having the token in the querystring param, you have a code instead which your server can exchange for an access token (and only your server can do this as it requires your client secret which the end user should never know). This also has the advantage of giving you a refresh token so that if the token expires you can refresh it without user interaction.