Think through de-duplicating dynamic clients based on their software_id

[TimothyBJacobs]

Right now, the plugin looks for an existing client for the dynamic client by using it's software_id. We should think through the possible ramifications for this, and if it is the correct way to de-duplicate.

For instance, what could happen if an attacker created a client with someone else's software_id.

@rmccue brought up looking at redirect_uris to handle browser based clients ( IIRC ).