feat(oauth2): strict string matching for redirect_uri

[oioki]

Enforcing strict string matching for redirect_uri for more secure OAuth2 flows according to best practices:

• https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-10-4.2.1
• https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.1.3

[oioki]

First three examples are normalized to / by user agents. However, the last one is //, considered a different URL:

$ curl -v http://example.com/ 2>&1 | grep GET
> GET / HTTP/1.1
$ curl -v http://example.com 2>&1 | grep GET
> GET / HTTP/1.1
$ curl -v http://example.com/. 2>&1 | grep GET
> GET / HTTP/1.1
$ curl -v http://example.com// 2>&1 | grep GET
> GET // HTTP/1.1

[oioki]

When it's not root of the domain, then the path with and without slash are considered different:

$ curl -v http://example.com/path 2>&1 | grep GET
> GET /path HTTP/1.1
$ curl -v http://example.com/path/ 2>&1 | grep GET
> GET /path/ HTTP/1.1

[getsantry]

This pull request has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you add the label WIP, I will leave it alone unless WIP is removed ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

[getsantry]

This pull request has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you add the label WIP, I will leave it alone unless WIP is removed ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #82294      +/-   ##
==========================================
+ Coverage   87.60%   87.65%   +0.04%     
==========================================
  Files        9647     9502     -145     
  Lines      545335   543030    -2305     
  Branches    21428    21009     -419     
==========================================
- Hits       477732   475983    -1749     
+ Misses      67260    66641     -619     
- Partials      343      406      +63     

[getsantry]

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

[getsantry]

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

[getsantry]

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

[oioki]

Superceded by #99003