OAuth2

Validating redirect_uri according to RFC 6749 4.1.3

Open almirbi opened this issue 8 years ago • 1 comments

https://tools.ietf.org/html/rfc6749#section-4.1.3

Check whether redirect_uri matches the one in the initial request.

The validate_redirect_uri function does not return a registered callback from the DB anymore if no redirect_uri has been given, as it is an optional parameter. The name of the function did not explain the behaviour well.

#17

almirbi, Sep 05 '17 11:09

@rmccue fixed it up a bit as suggested.

Also, if there was no redirect_uri in the initial auth request, but there is one in the access token request and it matches the callbacks registered with the client, it's fine, just for convenience reasons.

almirbi, Sep 16 '17 12:09
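
The token-request check discussed in this thread, as an added Python example that is not the plugin's own code: the RFC 6749 section 4.1.3 rule (the value must be present and identical when the authorization request carried one) plus the relaxation described in the last comment. `AuthCode`, `check_token_redirect_uri` and the sample URIs are hypothetical names and constructed values.

```python
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class AuthCode:
    """State saved when the authorization code was issued (hypothetical model)."""
    client_id: str
    redirect_uri: Optional[str]  # None when the authorization request omitted it


def _same_uri(a: str, b: str) -> bool:
    # Exact comparison only: no prefix, wildcard or normalised matching.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def check_token_redirect_uri(code: AuthCode,
                             token_redirect_uri: Optional[str],
                             registered_callbacks: Iterable[str]) -> bool:
    """Return True if the access token request may proceed."""
    if code.redirect_uri is not None:
        # RFC 6749 4.1.3: a redirect_uri sent in the authorization request
        # must be sent again here, and the two values must be identical.
        if token_redirect_uri is None:
            return False
        return _same_uri(code.redirect_uri, token_redirect_uri)
    if token_redirect_uri is None:
        # Optional parameter, omitted in both requests: nothing to compare.
        return True
    # Relaxation from the thread: absent at authorization, present at the
    # token request, accepted only if it is a callback registered for the client.
    return any(_same_uri(token_redirect_uri, cb) for cb in registered_callbacks)


# Constructed sample data, not taken from the project.
REGISTERED = ["https://client.example/cb", "https://client.example/alt"]
WITH_URI = AuthCode("client-1", "https://client.example/cb")
WITHOUT_URI = AuthCode("client-1", None)

if __name__ == "__main__":
    cases = [
        (WITH_URI, "https://client.example/cb"),      # identical
        (WITH_URI, None),                             # missing at token request
        (WITH_URI, "https://client.example/alt"),     # registered but different
        (WITHOUT_URI, None),                          # omitted in both requests
        (WITHOUT_URI, "https://client.example/alt"),  # registered callback
        (WITHOUT_URI, "https://other.example/cb"),    # not registered
    ]
    for code, uri in cases:
        print(code.redirect_uri, uri, check_token_redirect_uri(code, uri, REGISTERED))
```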