chb / indivo_server

The Indivo™ Personally Controlled Health Record
http://indivohealth.org
GNU General Public License v3.0

Django HttpResponseRedirect security update breaks iOSFramework support #40

Open Travers opened 12 years ago

Travers commented 12 years ago

To combat XSS, Django has altered HttpResponseRedirect to contain a list of allowed_schemes. Since we try to redirect to the indivo-framework scheme as part of our auth flow, this will now cause a SuspiciousOperation Exception to be raised in the patched versions of Django.
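To make the behaviour described above concrete, here is an added example (not code from Indivo or from Django) that mirrors Django's mechanism in plain Python: a redirect response class holds a class-level list of allowed schemes, a relative URL or a URL with an allowed scheme passes, and anything else raises. A subclass can widen the list, which is the narrowest way to keep a custom scheme such as `indivo-framework` working without disabling the check for every redirect. The class and exception names, the helper `redirect_result`, and all sample URLs are assumptions constructed for this example.

```python
from urllib.parse import urlparse


class DisallowedRedirect(Exception):
    """Raised when a redirect target uses a scheme outside the allow-list.

    Django's patched HttpResponseRedirect raised SuspiciousOperation for this
    case; the name here is chosen for the example only."""


class SchemeCheckedRedirect:
    """Minimal stand-in for a redirect response with a scheme allow-list."""

    # Class-level allow-list, as in Django's HttpResponseRedirect.allowed_schemes.
    allowed_schemes = ["http", "https", "ftp"]

    def __init__(self, location):
        # urlparse lowercases the scheme; a relative URL has an empty scheme
        # and is allowed, since it can only point back at the same host.
        scheme = urlparse(location).scheme
        if scheme and scheme not in self.allowed_schemes:
            raise DisallowedRedirect(
                f"Unsafe redirect to URL with scheme '{scheme}'"
            )
        self.location = location


class IndivoFrameworkRedirect(SchemeCheckedRedirect):
    """Widens the allow-list by exactly one scheme instead of removing the check.

    The scheme name comes from the issue; the subclass is an assumption."""

    allowed_schemes = SchemeCheckedRedirect.allowed_schemes + ["indivo-framework"]


def redirect_result(response_class, location):
    """Return the location the response would redirect to, or None if refused."""
    try:
        return response_class(location).location
    except DisallowedRedirect:
        return None


def check_redirects(response_class, locations):
    """Map each candidate location to True (allowed) or False (refused)."""
    return {loc: redirect_result(response_class, loc) is not None for loc in locations}


if __name__ == "__main__":
    # Constructed sample redirect targets; none are real Indivo endpoints.
    samples = [
        "/records/select",                       # relative: allowed
        "https://ui.example.org/done",           # https: allowed
        "indivo-framework://oauth/callback",     # custom scheme: base class refuses
        "javascript:alert(1)",                   # script scheme: always refused
        "data:text/html,hello",                  # data scheme: always refused
    ]
    for cls in (SchemeCheckedRedirect, IndivoFrameworkRedirect):
        print(cls.__name__)
        for loc, ok in check_redirects(cls, samples).items():
            print(f"  {'allow' if ok else 'refuse':6} {loc}")
```

The base class reproduces the failure reported in the issue: the `indivo-framework://` callback is refused while ordinary web URLs pass. The subclass shows the targeted fix, and the script-bearing schemes stay refused under both classes, which is the property the Django change was protecting.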

p2 commented 12 years ago

We can address that when updating the OAuth flow to match SMART 0.6: selecting a record is the correct callback link already, we don't need to go back to the UI server and do a redirect from there.