wrap_callback matching

[Marius Scurtescu]

It is not clear from the spec how exactly the callback URL is matched
against the registered one.

My understanding is that the matching rules are Authorization Server
specific, and clients using a specific server must play by those
rules. If that's the case, maybe the spec should make it explicit.

As a side question, why not require strict equality when matching,
clients can always use wrap_client_state?

Marius