Allow any valid (per RFC 3986) scheme name in OAuth callback URLs