This is done by passing value from child widow to parent window. Every child window which is opened by parent window has reference to his parent which is can be access by:
var parent = window.opener.document.document; // by this you have reference to parent DOM
var someParentElement = parent.getElementById("idOfParentDomElement"); // ex: accessing particular element on parent
So by this you can pass value to parent by accessing it parent:
var childDiv = document.getElemntById("SomeChildDiv").innerHTML;
someParentElement.innerHTML = childDiv // passing html text to parent div
Read more about this here
Receiving access token is part of OAuth flow . Through oauth token is received and passes to parent window by window.opener
and then window.close
called by parent window to close window. After this parent work with Access Token.
Edit: After comments:
Facebook use a postMessage, iframe or flash functionality to handle cross-domain messaging which depend on browser. It includes all.js
which is a key file to handle messages between. You can read more about its mechanism here