Facebook Server-Side Auth: Why does the access token request require a redirect uri?

In the server side auth flow, Facebook does not execute any redirects after the app requests the access token.

So why does th开发者_如何学JAVAe access token request require a redirect_uri parameter?

See section 4.1.1 of the OAuth 2.0 Spec.

redirect_uri is a required paramter when obtaining an access token.

From the spec:

The authorization server MUST:

• Validate the client credentials (if present) and ensure they match the authorization code.
• Verify that the authorization code and redirection URI are all valid and match its stored association.