OAuth validates redirect_uri

This patch adds two tests for no-or-malformed redirect URI's,
and the necessary updates to our auth API to handle them. In
this case, we are intentionally responding with JSON, because
this kind of an error response shouldn't really ever happen
when an engineer is not present.

Change-Id: Ifffe241b468652967dccc8ca6f8d7c424c122ca2

storyboard/common/decorators.py

@@ -70,6 +70,6 @@ def oauth_exceptions(func):
                     'error_description': error_description
                 }
                 response.body = json.dumps(error_body)
-                abort(o_exc.code, error_description)
+                abort(o_exc.code, error_description, json_body=error_body)
 
     return decorate