todo: rectify this design
Some servers may wish to override this with custom redirect_url validation rules.
Some servers may wish to override this with custom redirect_url
validation rules. We are being lenient here by checking the base
of the registered redirect_uri. The spec recommends using the state
param for per-request customization.
true if valid, false otherwise
http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-1.1