- Task
- Resolution: Unresolved
- Major
- None
- 1.17.2.Final
- None
Original OAuth 2.0 spec: https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2.2
Update for threat model and security considerations: https://www.rfc-editor.org/rfc/rfc6819#section-5.2.3.3
The original spec allowed for query strings to be dynamic in redirect URLs, but the update no longer allows them because they create potential security vulnerabilities. From this I would conclude that the query string is meant to be removed entirely. If that's the case, it makes `OidcRequestAuthenticator.stripOauthParametersFromRedirect()` redundant. It may also be appropriate to allow the redirect_url to be defined in the config, so Elytron doesn't need to derive it from the URL which the user arrives at after authenticating.
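The two options the description contrasts (deriving redirect_uri from the callback URL by stripping the authorization-response parameters, versus taking it from static configuration) and the server-side matching rules from the two RFCs, shown side by side. This is an added illustration written for this ticket, not Elytron's code: the function names, the `OAUTH_RESPONSE_PARAMS` set, the registered-URI set and the sample callback URL are all constructed here.

```python
"""Deriving an OAuth 2.0 redirect_uri from the callback URL vs. configuring it,
and checking it against a registered value with exact (RFC 6819 5.2.3.3)
or query-insensitive (RFC 6749 3.1.2.2-style) matching.

Added example; names and data are assumptions, not Elytron's implementation."""
from __future__ import annotations

from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: the parameters an authorization server appends to the callback
# (RFC 6749 4.1.2 success/error responses, plus Keycloak's session_state).
OAUTH_RESPONSE_PARAMS = {"code", "state", "session_state", "error", "error_description"}

# Constructed sample: the client registered one exact redirect URI.
REGISTERED = {"https://app.example/callback"}


def strip_oauth_params(callback_url: str) -> str:
    """Derive redirect_uri from the URL the user arrived at after authenticating
    by removing the authorization-response parameters. Every other query
    parameter the application put on the URL survives, which is exactly what
    makes the derived value differ from request to request."""
    parts = urlsplit(callback_url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in OAUTH_RESPONSE_PARAMS]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), ""))


def redirect_uri_from_config(configured: str) -> str:
    """The alternative: a statically configured redirect_uri. Nothing is taken
    from the incoming request, so there is nothing to strip."""
    return configured


def server_accepts_exact(registered: set[str], presented: str) -> bool:
    """RFC 6819 5.2.3.3 / RFC 6749 3.1.2.3: compare the presented redirect_uri
    to a registered one by simple string comparison."""
    return presented in registered


def server_accepts_dynamic_query(registered: set[str], presented: str) -> bool:
    """Looser matching that ignores the query component. A server doing this
    is what lets a per-request query string through."""
    p = urlsplit(presented)
    return urlunsplit((p.scheme, p.netloc, p.path, "", "")) in registered


def compare_strategies(callback_url: str, configured: str) -> dict[str, bool]:
    """Run both derivations through both matching rules."""
    derived = strip_oauth_params(callback_url)
    static = redirect_uri_from_config(configured)
    return {
        "derived/exact": server_accepts_exact(REGISTERED, derived),
        "derived/dynamic-query": server_accepts_dynamic_query(REGISTERED, derived),
        "configured/exact": server_accepts_exact(REGISTERED, static),
        "configured/dynamic-query": server_accepts_dynamic_query(REGISTERED, static),
    }


if __name__ == "__main__":
    # Constructed callback: the app added ?next=/account, the server added code and state.
    arrived = "https://app.example/callback?next=%2Faccount&code=abc123&state=xyz"
    print(strip_oauth_params(arrived))
    for name, ok in compare_strategies(arrived, "https://app.example/callback").items():
        print(f"{name:26} {'accepted' if ok else 'rejected'}")
```

With exact matching the derived value is rejected as soon as the application puts anything of its own in the query string, and the only way to make it pass is to drop that data, which is the symptom ELY-2340 describes. Under RFC 6819's exact-match rule the per-request data belongs in the `state` parameter (RFC 6749 4.1.1), not in redirect_uri, and a configured redirect_uri matches without any stripping step.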
- relates to: ELY-2340 Query parameters lost on redirect to keycloak OIDC (Resolved)