Open Redirect on central.uber.com allows for account takeover
High
Uber
Team Summary
Official summary from Uber
An error in our OAuth2 flow for `central.uber.com` allowed an attacker to leverage an open redirect that allowed for a full account takeover. When logging into `central.uber.com`, the `state` parameter for login.uber.com contained a redirect location instead of a CSRF token. As a result, an attacker could modify the state parameter to have a poisoned `central.uber.com` path which would redirect to a custom domain after login and allow them to steal an account OAuth access token. Thanks, @ngalog!
Reported by
ngalog
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Improper Authentication - Generic