concept redirect_uri in category oauth

This is an excerpt from Manning's book OAuth 2 in Action.
This takes the form of an HTTP redirect to the client’s redirect_uri.
Note that the crafted URI contains a redirect_uri pointing to the attacker’s page, which is a subdirectory of the valid registered redirect URI for the client. The attacker was then able to change the flow to something like what is shown in figure 7.3.
It is extremely important to pay particular attention when choosing the registered redirect_uri when the new OAuth client is created at the authorization server, specifically the redirect_uri must be as specific as it can be. For example, if your OAuth client’s callback is