I'm using django-oauth-toolkit along with python-social-auth and, of course, oauthlib, which is a requirement of both, and I've run into an issue when the user clicks the "cancel" button.
The wrong exception may occur because of a redirect problem. When the user clicks "cancel", if the redirect_uri contains any URL parameters, an incorrect state error is given instead of AuthCanceled, because the URI ends up something like:
http://example.com?redirect_state=SOME_STATE_TOKEN?error=access_denied
Note the two question marks here. This is due to an issue in mixins.py - a pull request that fixes this is forthcoming.
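
The following is an added illustration, not part of the original report and not the code from mixins.py or the forthcoming pull request. It reproduces the malformed URI shown above, shows what a client sees when it parses that URI, and contrasts it with merging the error into the existing query string; the function names are hypothetical.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample input, taken from the URI quoted in the report.
REDIRECT_URI = "http://example.com?redirect_state=SOME_STATE_TOKEN"


def naive_error_redirect(redirect_uri, error):
    """Faulty pattern: always start the error parameters with '?'."""
    return redirect_uri + "?" + urlencode({"error": error})


def merged_error_redirect(redirect_uri, error):
    """Append the error to whatever query string the URI already has."""
    parts = urlsplit(redirect_uri)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append(("error", error))
    return urlunsplit(parts._replace(query=urlencode(query)))


def client_view(callback_url):
    """Query parameters as the client's callback handler would parse them."""
    return dict(parse_qsl(urlsplit(callback_url).query, keep_blank_values=True))


if __name__ == "__main__":
    for build in (naive_error_redirect, merged_error_redirect):
        url = build(REDIRECT_URI, "access_denied")
        print(build.__name__, url, client_view(url), sep="\n  ")
```

With the naive form the second "?" is treated as data, so the client receives a corrupted redirect_state and no error parameter at all, which is consistent with a state error being raised instead of AuthCanceled.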