I am using Django OAuth Toolkit, with the following code for the OAuth implementation:
# Resolve the Django OAuth Toolkit Application model once at import time; both
# views below look up the application named "App" on it.
Application = get_application_model()
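def oauth_login(request):
    """Start the authorization-code flow by redirecting the browser to the provider.

    Builds the ``/o/authorize/`` URL for the application named ``"App"`` and
    redirects the user to it. ``redirect_uri`` is read from the POST body and
    falls back to a fixed test URL.

    Args:
        request: The incoming Django request; only ``request.POST`` is read.

    Returns:
        An HTTP redirect to the provider's authorization endpoint.

    Raises:
        Application.DoesNotExist: if no application named ``"App"`` exists.
    """
    from urllib.parse import urlencode  # local import: the file's import block is not in view

    app = Application.objects.get(name="App")
    redirect_uri = request.POST.get("redirect_uri", "http://test.com:8002/malicious_redirect.html")
    # NOTE(review): redirect_uri comes straight from the request. The provider is
    # expected to reject values not registered on the application, but checking it
    # here against app.redirect_uris as well keeps an unregistered URI from ever
    # reaching the authorization endpoint — confirm.
    # NOTE(review): no ``state`` parameter is sent, so the callback cannot tie the
    # returned ``code`` to this browser session — confirm whether the provider is
    # configured to require one.
    query = urlencode({
        "client_id": app.client_id,
        "response_type": "code",
        # urlencode escapes '&', '#' and spaces; the previous f-string interpolated
        # redirect_uri raw, so such a URI would have been split by the provider.
        "redirect_uri": redirect_uri,
    })
    authorization_url = f"http://test.com:8000/o/authorize/?{query}"
    # NOTE(review): the authorization endpoint normally requires an authenticated
    # user; an anonymous browser is sent to the login page first — confirm.
    return redirect(authorization_url)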
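def oauth_callback(request):
    """Exchange the authorization ``code`` returned by the provider for tokens.

    Reads ``code`` (and optionally ``redirect_uri``) from the query string,
    posts them to the provider's ``/o/token/`` endpoint with the credentials
    of the application named ``"App"``, stores the returned tokens in the
    session and echoes the token response back as JSON.

    Args:
        request: The incoming Django request; ``request.GET`` and
            ``request.session`` are used.

    Returns:
        A ``JsonResponse``: HTTP 400 when ``code`` is missing, the provider's
        status code and error body when the exchange fails, otherwise the
        token payload.

    Raises:
        Application.DoesNotExist: if no application named ``"App"`` exists.
        requests.RequestException: if the token endpoint cannot be reached.
    """
    code = request.GET.get("code")
    if not code:
        return JsonResponse({'error': 'missing_code', 'details': 'Missing code parameter.'}, status=400)

    token_url = "http://test.com:8000/o/token/"
    # One lookup instead of two separate queries for client_id and client_secret.
    app = Application.objects.get(name="App")
    client_id = app.client_id
    client_secret = app.client_secret
    # NOTE(review): the provider compares this value with the redirect_uri sent in
    # the authorize request; the two defaults in this file differ, so the exchange
    # is unlikely to succeed unless the caller supplies a matching value — confirm.
    redirect_uri = request.GET.get("redirect_uri", "http://test.com:8002/unique_redirect.html")

    data = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    # NOTE(review): the client secret is sent both in the form body and as HTTP
    # Basic credentials; RFC 6749 §2.3.1 allows only one client authentication
    # method per request — confirm which one the provider expects and drop the other.
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Authorization': f'Basic {base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()}',
    }
    # timeout: a stalled provider would otherwise block this worker indefinitely.
    response = requests.post(token_url, data=data, headers=headers, timeout=10)
    # The previous ``print(tokens)`` wrote access and refresh tokens to stdout/logs; removed.
    try:
        tokens = response.json()
    except ValueError:
        # A non-JSON body (e.g. an HTML error page) used to raise here; report it instead.
        tokens = {'raw': response.text}

    if response.status_code != 200:
        return JsonResponse({'error': 'token_exchange_failed', 'details': tokens}, status=response.status_code)

    request.session['access_token'] = tokens['access_token']
    # refresh_token is optional in a token response; a missing key used to raise KeyError.
    if 'refresh_token' in tokens:
        request.session['refresh_token'] = tokens['refresh_token']
    # NOTE(review): the raw token payload (including the refresh token) is returned
    # to the browser even though it is already stored in the session — consider
    # redirecting to the profile page instead.
    return JsonResponse(tokens)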
The problem is that if I am logged into the OAuth 2.0 admin panel with superuser credentials, the above code works fine and redirects to the provided URL. Otherwise it does not work and instead uses `LOGIN_REDIRECT_URL = '/profile/'` from settings.py.

What could be the reason?