Absolute URL to send the browser to — the client's redirect_uri with a code (approved) or error (denied / failed). Null only when errors is non-empty and no safe redirect target exists.