Validates that the authorization redirects do not happen over http or other insecure protocol. This does not include the final redirect, denoted by the redirect URI.