How to get rid of the #_=_ in the facebook redirect of django-social-auth?
Well, this may not be the exact solution, but adding following script to you head would help in fixing the problem:
<script type="text/javascript"> if (window.location.hash == '#_=_') { window.location.hash = ''; }</script>
Looks like Facebook always appends the '#_=_' even if the redirect_uri is supplied. Since this behaviour is contrary to Facebook's blog post this functionality has been submitted to Facebook as a bug. Facebook has provided an official response to this bug claiming that appending the '#_=_' is a design feature that prevents a potential security flaw.
Facebook provides the following advice for dealing with the unwanted uri fragment, "If the aesthetics, or client-side behavior, of the resulting URL are of concern, it would be possible to use window.location.hash (or even a server-side redirect of your own) to remove the offending characters."
It appears that the javascript provided above is a valid solution, even if it is a bit hacky.
<script type="text/javascript"> if (window.location.href.indexOf('#') > -1) { window.location.href = '/'; }</script>