d extracting the access token (and other
        parameters) contained in the fragment.

   (F)  The user-agent executes the script provided by the web-hosted
        client resource locally, which extracts the access token.

   (G)  The user-agent passes the access token to the client.

    See `Section 10.3`_ and `Section 10.16`_ for important security considerations
    when using the implicit grant.

    .. _`Implicit Grant`: https://tools.ietf.org/html/rfc6749#section-4.2
    .. _`Section 10.3`: https://tools.ietf.org/html/rfc6749#section-10.3
    .. _`Section 10.16`: https://tools.ietf.org/html/rfc6749#section-10.16
    Ú