
OAuth: Fix for multiple redirect_uris #2756

Open · wants to merge 3 commits into base: main

Conversation

@sugyan (Contributor) commented Aug 28, 2024

In the client metadata, multiple `redirect_uris` can be specified:

```ts
const clientMetadata: OAuthClientMetadata = {
  client_id: "https://oauth.example.com/client.json",
  response_types: ["code"],
  grant_types: ["authorization_code"],
  redirect_uris: [
    "https://oauth.example.com/callback1",
    "https://oauth.example.com/callback2",
  ],
};
```

Any value contained in `redirect_uris` can be used in the options of the `OAuthClient.authorize()` method:

```ts
const client = new OAuthClient({
  clientMetadata,
  responseMode: "query",

  ...

});
// The second registered redirect_uri is selected for this authorization request.
const authorization_url = await client.authorize(input, {
  scope: "atproto",
  redirect_uri: "https://oauth.example.com/callback2",
});
```

However, even in the above case, the current implementation automatically selects and sends `this.clientMetadata.redirect_uris[0]` in the token request, so even if the redirected params are correctly obtained, `exchangeCode()` returns the following error:

```json
{"error": "invalid_grant", "error_description": "This code was issued for another redirect_uri"}
```

Actually, the `callback()` method does not receive the `redirect_uri`, so I think the only way to get the value of the `redirect_uri` used in the PAR is through `stateStore`.

@matthieusieben (Contributor) commented:

I would be fine with incorporating something like this, only it should be optional, especially for clients that only have one redirect URI.

@sugyan (Contributor, Author) commented Sep 4, 2024

Thank you for responding to my pull request!
I changed the `redirectUri` stored in the `stateStore` to an optional one. The same behavior as before is achieved by implementing the following: save only when the value is not equal to `this.clientMetadata.redirect_uris[0]`, and use `this.clientMetadata.redirect_uris[0]` as the default value if there is no value when retrieving.
This will avoid wasting space in the stateStore since the value is saved only in special cases.
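The following is an added example, not code from the PR or from `@atproto/oauth-client`, that models both the failure described in the opening comment and the optional-`redirectUri` fix described in the reply. It pairs a tiny client with a stand-in authorization server that binds each code to the `redirect_uri` given in the pushed authorization request and refuses a mismatch at the token endpoint with the error quoted above. `FakeAuthServer`, `MemoryStateStore`, `MiniOAuthClient` and `runFlow` are hypothetical names; the flag `useStoredRedirectUri` switches between the pre-PR behaviour (always `redirect_uris[0]`) and the fixed one.

```typescript
// Added example, not code from @atproto/oauth-client or the PR: a miniature model of
// the redirect_uri bookkeeping discussed in the thread. All class and function names
// here (FakeAuthServer, MemoryStateStore, MiniOAuthClient, runFlow) are hypothetical.

interface ClientMetadata {
  client_id: string;
  redirect_uris: string[];
}

// Per-state record kept by the client; redirectUri is optional, as in the PR.
interface StoredState {
  redirectUri?: string;
}

type TokenResponse =
  | { access_token: string }
  | { error: string; error_description: string };

class MemoryStateStore {
  private entries: Record<string, StoredState | undefined> = {};
  set(state: string, value: StoredState): void { this.entries[state] = value; }
  get(state: string): StoredState | undefined { return this.entries[state]; }
  delete(state: string): void { delete this.entries[state]; }
}

// Stand-in authorization server: the pushed authorization request binds a redirect_uri
// to the state, the issued code inherits that binding, and the token endpoint refuses
// a mismatch with the error quoted in the PR.
class FakeAuthServer {
  private pending: Record<string, string | undefined> = {}; // state -> redirect_uri
  private codes: Record<string, string | undefined> = {};   // code  -> redirect_uri
  private counter = 0;

  pushAuthorizationRequest(state: string, redirectUri: string): void {
    this.pending[state] = redirectUri;
  }

  // The user approves; the server redirects to the bound URI carrying code and state.
  approve(state: string): { code: string; state: string; redirectedTo: string } {
    const redirectUri = this.pending[state];
    if (!redirectUri) throw new Error("unknown state");
    const code = "code-" + (++this.counter);
    this.codes[code] = redirectUri;
    return { code, state, redirectedTo: redirectUri };
  }

  token(code: string, redirectUri: string): TokenResponse {
    const issuedFor = this.codes[code];
    if (!issuedFor) return { error: "invalid_grant", error_description: "unknown code" };
    if (issuedFor !== redirectUri) {
      return { error: "invalid_grant", error_description: "This code was issued for another redirect_uri" };
    }
    delete this.codes[code]; // codes are single use
    return { access_token: "token-for-" + code };
  }
}

class MiniOAuthClient {
  private counter = 0;
  constructor(
    private metadata: ClientMetadata,
    private server: FakeAuthServer,
    private stateStore: MemoryStateStore,
    // false reproduces the pre-PR behaviour (always redirect_uris[0]); true applies the fix.
    private useStoredRedirectUri: boolean,
  ) {}

  authorize(options: { redirect_uri?: string } = {}): string {
    const defaultUri = this.metadata.redirect_uris[0];
    const redirectUri = options.redirect_uri ?? defaultUri;
    // Only URIs registered in the client metadata may be used.
    if (this.metadata.redirect_uris.indexOf(redirectUri) === -1) {
      throw new Error("redirect_uri not registered: " + redirectUri);
    }
    const state = "state-" + (++this.counter);
    // Persist the URI only when it differs from the default, as the PR does to save space.
    this.stateStore.set(state, redirectUri === defaultUri ? {} : { redirectUri });
    this.server.pushAuthorizationRequest(state, redirectUri);
    return state;
  }

  callback(params: { code: string; state: string }): TokenResponse {
    const stored = this.stateStore.get(params.state);
    if (!stored) throw new Error("unknown or replayed state");
    this.stateStore.delete(params.state); // state is single use as well
    const defaultUri = this.metadata.redirect_uris[0];
    const redirectUri = this.useStoredRedirectUri
      ? (stored.redirectUri ?? defaultUri)
      : defaultUri;
    return this.server.token(params.code, redirectUri);
  }
}

// Constructed client metadata mirroring the PR description.
const clientMetadata: ClientMetadata = {
  client_id: "https://oauth.example.com/client.json",
  redirect_uris: ["https://oauth.example.com/callback1", "https://oauth.example.com/callback2"],
};

// One full authorize -> redirect -> callback round trip; reports what the state store
// held for that state and how the token endpoint answered.
function runFlow(redirectUri: string, fixed: boolean): { stored: StoredState; result: TokenResponse } {
  const server = new FakeAuthServer();
  const stateStore = new MemoryStateStore();
  const client = new MiniOAuthClient(clientMetadata, server, stateStore, fixed);
  const state = client.authorize({ redirect_uri: redirectUri });
  const stored = stateStore.get(state) ?? {};
  const redirect = server.approve(state);
  const result = client.callback({ code: redirect.code, state: redirect.state });
  return { stored, result };
}

console.log("before fix:", runFlow(clientMetadata.redirect_uris[1], false).result);
console.log("after fix: ", runFlow(clientMetadata.redirect_uris[1], true).result);
```

Running it shows the second `redirect_uri` failing with `invalid_grant` when the client always sends `redirect_uris[0]`, and succeeding once `callback()` consults the state store first. Because the default URI is never written to the store, a client with a single registered `redirect_uri` stores nothing extra, which is the optional behaviour the reviewer asked for.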


3 participants