fix broken backward compatibility

(by default, keep the same callback_url in callback_phase and request_phase)

Author: zmajstor

lib/omniauth/strategies/oauth2.rb

@@ -29,6 +29,7 @@ def self.inherited(subclass)
       option :token_options, []
       option :auth_token_params, {}
       option :provider_ignores_state, false
+      option :include_query_string, false
 
       attr_accessor :access_token
 
@@ -86,7 +87,8 @@ def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength
 
       def build_access_token
         verifier = request.params["code"]
-        client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
+        url = options.include_query_string ? callback_url : (full_host + script_name + callback_path)
+        client.auth_code.get_token(verifier, {:redirect_uri => url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
       end
 
       def deep_symbolize(options)