It's not possible to read fragment since it's not send to server (and VK probably do this for improved security of auth process) your option is to use JavaScript:
<script>
if(window.location.hash) {
//Puts hash in variable, and removes the # character
var hash = window.location.hash.substring(1);
// hash found
alert (hash);
} else {
// No hash found
}
</script>