Use seperate path to handle oauth callback
This fixes an issue where you'd be taken to an error screen if you refreshed a restricted page while you had a then-invalidated code in your url params
This fixes an issue where you'd be taken to an error screen if you refreshed a restricted page while you had a then-invalidated code in your url params