diff --git a/server/SHServ/Controllers/AuthController.php b/server/SHServ/Controllers/AuthController.php
index ae408d9..be46020 100644
--- a/server/SHServ/Controllers/AuthController.php
+++ b/server/SHServ/Controllers/AuthController.php
@@ -83,8 +83,16 @@
         $context = $_SESSION['gauth_state'][$state]['context'] ?? [];
         $returnTo = $context['return_to'] ?? '/';
         if ($accessToken) {
+            // Insert query string BEFORE hash so window.location.search sees it
+            $hashPos = strpos($returnTo, '#');
+            $hash = '';
+            if ($hashPos !== false) {
+                $hash = substr($returnTo, $hashPos);
+                $returnTo = substr($returnTo, 0, $hashPos);
+            }
             $sep = str_contains($returnTo, '?') ? '&' : '?';
             $returnTo .= $sep . 'access_token=' . urlencode($accessToken) . '&expires_in=' . $expiresIn;
+            $returnTo .= $hash;
         }
         return $this->utils()->redirect($returnTo);
     }