Incorrect use of `redirect_uri` in OAuth implementation
The redirect url that's passed in the oauth authentication request contains a parameter with the user/return url: the page where the user should be directed to upon authentication. See here. However, the redirect url should be predefined in the oauth application, meaning it can't contain any parameters and should be constant. If the redirect url is not the same as the predefined urls an error will be thrown when validating the callback request.
I propose we store the return/user url in the Flask session store, the same as we do with the oauth state parameter.