Why I need to include redirect_uri into access_token request url?
Here it explains you need to put it and I have tested - it is a mandatory and it needs to be exact same as callback url from Oauth Application. If you do not include it, you will get error “The redirect URI included is not valid.”
So why? There already is an application id in request url. It is pretty much enough to identify application correctly.
Same oauth flow in github and bitbucket does not require redirect uri to be included in url.
It is more of a suggestion for improvement than a question.