When a client doesn't request a redirect_uri in an authorization request, oauthlib calls get_default_redirect_uri, and passes this to save_authorization_code. So far, so good.

However, when the redirect is performed, confirm_redirect_uri is called with None as redirect_uri. This doesn't match the redirect_uri saved earlier. Is this intended behavior? It felt wrong for me to have to check for None myself, and repeat getting the default URI from the client datastruct again.