Using implicit auth the redirect URL should be the URL the auth is initiated from, as the user will end up in [redirect url]#access_token=something&state=and-so-on....
Using implicit auth the redirect URL should be the URL the auth is initiated from, as the user will end up in [redirect url]#access_token=something&state=and-so-on....