use history api to remove token from url

[manfredsteyer]

Describe the bug
Currently, the lib uses location.hash to remote the received token from the url. However, this is triggering the Angular router and can lead to race conditions with other routing requests.

To Reproduce
Steps to reproduce the behavior:

1. Use official example
2. Use router.navigate on token_received event
3. You get an race condition with the router

Expected behavior
router.navigate should work

Further notes
We should add an example that shows how to reroute the user to the originally requested url after login.

[jeroenheijmans]

This would chop off IE9 support (which is on the list for Angular itself but not the history API it seems).

(I'm personally fine with that - don't even know if IE9 works currently. Just a heads up.)

[vadjs]

Angular team planing to drop IE support (including IE 11) in next year. So, if IE 9 support will be dropped with this feature, i think it will be good.

[manfredsteyer]

Ah, good point @jeroenheijmans.