If multiple redirection URIs have been registered, if only part of

   the redirection URI has been registered, or if no redirection URI has

   been registered, the client MUST include a redirection URI with the

   authorization request using the "redirect_uri" request parameter.

​

   When a redirection URI is included in an authorization request, the

   authorization server MUST compare and match the value received

   against at least one of the registered redirection URIs (or URI

   components) as defined in [RFC3986] Section 6, if any redirection

   URIs were registered.  If the client registration included the full

   redirection URI, the authorization server MUST compare the two URIs

   using simple string comparison as defined in [RFC3986] Section 6.2.1.