I am reading the Google's documentation about OpenId Connect https://developers.google.com/accounts/docs/OAuth2Login
What I don't get is the purpose of the redirect_uri parameter during "4. Exchange code for access token and ID token".
The access token is returned in the response to HTTP Post request itself so I don't get the purpose of redirect_uri.
Can somebody explain?
In the oAuth spec "Access Token Request" it is mentioned that the redirect-uri is required if the "redirect_uri" parameter was included in the authorization request. In this case, the oauth-src checks that the uri's are identical.