bshaffer / oauth2-demo-php

A demo application for running an OAuth2 server
748 stars, 279 forks

Better Spec Compliance #55

Open avnr opened 9 years ago

avnr commented 9 years ago

http://tools.ietf.org/html/rfc6749#section-3.1.2.5:

The client SHOULD NOT include any third-party scripts (e.g., third-party analytics, social plug-ins, ad networks) in the redirection endpoint response.

Yet the demo's redirect page includes a call to Google Analytics. I know that RFCs' SHOULD NOT is not as severe as MUST NOT, but after all people may be using the demo as a template app and end up exposing tokens via the GA info chain.
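As an added example that is not part of this issue or of oauth2-demo-php: a small Python check for the point raised above. It flags script tags on the redirection endpoint page that load from a host other than the endpoint's own, and builds the credential-free URL for the second redirect that RFC 6749 section 3.1.2.5 recommends, so the page that eventually loads analytics never carries the authorization code. The HTML, hostnames and parameter values are constructed sample input.

```python
"""Lint an OAuth2 redirection-endpoint response for third-party scripts.

Added example, not code from oauth2-demo-php. A third-party script on the
page that receives ?code=... (or #access_token=...) sees the full URL via
document.location or the referrer, so the credential can leave the client.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode


class _ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)


def third_party_scripts(html, endpoint_url):
    """Return script URLs whose host differs from the redirection endpoint's host."""
    own_host = urlsplit(endpoint_url).hostname
    collector = _ScriptSrcCollector()
    collector.feed(html)
    # Relative srcs have no hostname and are served by the client itself.
    return [s for s in collector.srcs
            if urlsplit(s).hostname and urlsplit(s).hostname != own_host]


def credential_free_location(redirect_uri):
    """Location for the follow-up redirect: same path, but with the authorization
    response parameters removed from both the query string and the fragment."""
    sensitive = {"code", "state", "access_token", "id_token",
                 "token_type", "expires_in", "scope"}
    parts = urlsplit(redirect_uri)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in sensitive]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), ""))


# Constructed sample: a redirect page that, like the demo, pulls in analytics.
SAMPLE_HTML = """<html><head>
<script src="/js/app.js"></script>
<script src="https://analytics.example.net/collect.js"></script>
</head><body>Signed in.</body></html>"""

if __name__ == "__main__":
    print(third_party_scripts(SAMPLE_HTML, "https://client.example/receive_authcode"))
    print(credential_free_location("https://client.example/receive_authcode?code=abc&state=xyz"))
```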

bshaffer commented 9 years ago

Good catch! Wow, that's surprising, as from an analytics standpoint this is definitely important info to track.