GET /oauth/authorize doesn't validate oauth_token parameter

[evanp]

If you pass no oauth_token, or an invalid oauth_token, to /oauth/authorize, the authenticate handler will be called regardless.

It may be useful to validate these before calling the authenticate handler.

Another option is to let the authenticate handler do the validation (which I think is the design right now).