According to http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.1.3 the authorization server must validate that the redirection URI matches the redirection URI used by the authorization server to deliver the authorization code. It currently ignores it. (This is in addition to ignoring the client_secret as describe in issue 25)
According to http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.1.3 the authorization server must validate that the redirection URI matches the redirection URI used by the authorization server to deliver the authorization code. It currently ignores it. (This is in addition to ignoring the client_secret as describe in issue 25)