What to use for redirect_uri parameter

Redirect URLs are a critical part of the OAuth flow. After a user successfully authorizes an application, the authorization server will redirect the user back to the application with either an authorization code or access token in the URL. Because the redirect URL will contain sensitive information, it is critical that the service doesn’t redirect the user to arbitrary locations.

Redirect URL is provided during Application registration process. This is an optional setting, so if the system administrator does not provide a value in redirect URL then the API client can use any valid URL as the redirect URL during the OAuth step 2 (e.g http://www.highq.com). If the system administrator has provided a value in the redirect URL then the API client should always use the exact URL in the rediret_uri parameter. Please note that when using a specific redirect URL the system administrator should provide the redirect_uri along with client id and secret key. 

Reference : https://www.oauth.com/oauth2-servers/redirect-uris/