Show redirect destination domain on consent screen for phishing awareness #35

@leodip

Problem

The consent screen does not display where the user will be redirected after authorization. Security-conscious users have no way to verify
that the redirect destination matches their expectations, making phishing attacks harder to detect.

While redirect URIs are strictly validated against pre-registered values, users cannot verify this themselves.

Current Behavior

The consent screen shows:

  • Client identifier
  • Client description
  • Requested scopes/permissions

It does not show:

  • Where the user will be sent after authorization
  • The redirect URI domain

Proposed Solution

  1. Pass redirect_uri (or just the domain/origin) to the consent template
  2. Display it in a non-intrusive way (e.g., "You will be redirected to: example.com")
  3. Consider highlighting if the domain differs from a "primary" client domain

Example UI Addition

After authorization, you will be redirected to: {{.redirectDomain}}

Security Considerations

  • Only display the domain/origin, not the full URI (which may contain sensitive query params)
  • This is informational only — validation still enforced server-side
  • Helps users identify suspicious redirects (e.g., examp1e.com vs example.com)
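The following is an added example, written for this issue and not code from the project itself, showing how the three proposed steps fit together in Go: reduce an already server-validated redirect_uri to its origin (scheme and host only, dropping path, query and fragment), compare that host against the client's primary domain so the template can highlight a mismatch, and render it through html/template so the value is escaped. The ConsentView field names, the template text, the RenderConsent helper and the sample client values (my-app, example.com, examp1e.com) are assumptions made for this example.

```go
package main

import (
	"fmt"
	"html/template"
	"net/url"
	"strings"
)

// ConsentView is the data handed to the consent template. The field names are
// assumptions made for this example, not the project's real template model.
type ConsentView struct {
	ClientID       string
	RedirectDomain string // scheme + host only, never path or query
	PrimaryDomain  string // the client's registered "primary" domain
	DomainDiffers  bool   // true when the redirect host is not the primary domain
}

// consentTmpl is a minimal stand-in for the real consent page.
const consentTmpl = `<p>Application <b>{{.ClientID}}</b> is requesting access.</p>
<p>After authorization, you will be redirected to: <b>{{.RedirectDomain}}</b>{{if .DomainDiffers}} <em>(note: this differs from the app's primary domain {{.PrimaryDomain}})</em>{{end}}</p>
`

// RedirectDisplayOrigin reduces an already server-validated redirect_uri to
// the scheme and host that will be shown to the user. Path, query and fragment
// are dropped so that nothing sensitive carried in the URI reaches the screen.
func RedirectDisplayOrigin(rawURI string) (string, error) {
	u, err := url.Parse(rawURI)
	if err != nil {
		return "", fmt.Errorf("redirect_uri is not a valid URL: %w", err)
	}
	scheme := strings.ToLower(u.Scheme)
	if scheme != "https" && scheme != "http" {
		return "", fmt.Errorf("redirect_uri scheme %q is not http(s)", u.Scheme)
	}
	if u.Host == "" {
		return "", fmt.Errorf("redirect_uri has no host")
	}
	// u.Host keeps the port if one was given, which is worth showing the user.
	return scheme + "://" + strings.ToLower(u.Host), nil
}

// DomainDiffers reports whether the redirect origin's hostname is something
// other than the client's primary domain, so the template can highlight it.
func DomainDiffers(redirectOrigin, primaryDomain string) bool {
	u, err := url.Parse(redirectOrigin)
	if err != nil {
		return true
	}
	return !strings.EqualFold(u.Hostname(), primaryDomain)
}

// RenderConsent builds the view and renders the template; html/template
// escapes the values, so a hostile redirect host cannot inject markup.
func RenderConsent(clientID, redirectURI, primaryDomain string) (string, error) {
	origin, err := RedirectDisplayOrigin(redirectURI)
	if err != nil {
		return "", err
	}
	view := ConsentView{
		ClientID:       clientID,
		RedirectDomain: origin,
		PrimaryDomain:  primaryDomain,
		DomainDiffers:  DomainDiffers(origin, primaryDomain),
	}
	tmpl, err := template.New("consent").Parse(consentTmpl)
	if err != nil {
		return "", err
	}
	var out strings.Builder
	if err := tmpl.Execute(&out, view); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	// Constructed sample: a lookalike host (examp1e.com) next to the client's
	// registered primary domain (example.com). Both values are made up.
	page, err := RenderConsent("my-app", "https://examp1e.com/callback?state=secret-value", "example.com")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Print(page)
}
```

Running it prints the consent paragraph with "https://examp1e.com" and the mismatch note, while the `state=secret-value` query parameter never appears in the output. The origin helper rejects non-http(s) schemes and relative paths outright, which is a defensive check layered on top of, not a replacement for, the server-side match against registered redirect URIs.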
