diff --git a/src/services/authFlow/AuthFlow.js b/src/services/authFlow/AuthFlow.js
index d79e4b0..001b884 100644
--- a/src/services/authFlow/AuthFlow.js
+++ b/src/services/authFlow/AuthFlow.js
@@ -23,7 +23,12 @@ export default class AuthFlow {
     }
 
     setStore(store) {
-        this.navigate = (route) => {
+        /**
+         * @param {string} route
+         * @param {object} options
+         * @param {object} options.replace
+         */
+        this.navigate = (route, options = {}) => {
             if (this.getRequest().path !== route) {
                 this.currentRequest = {
                     path: route
@@ -32,7 +37,7 @@ export default class AuthFlow {
                 if (this.replace) {
                     this.replace(route);
                 }
-                store.dispatch(routeActions.push(route)); // TODO: may be deleted?
+                store.dispatch(routeActions[options.replace ? 'replace' : 'push'](route));
             }
 
             this.replace = null;
diff --git a/src/services/authFlow/PermissionsState.js b/src/services/authFlow/PermissionsState.js
index 9961b8e..812aa84 100644
--- a/src/services/authFlow/PermissionsState.js
+++ b/src/services/authFlow/PermissionsState.js
@@ -3,7 +3,11 @@ import CompleteState from './CompleteState';
 
 export default class PermissionsState extends AbstractState {
     enter(context) {
-        context.navigate('/oauth/permissions');
+        context.navigate('/oauth/permissions', {
+            // replacing oauth entry point if currently on it
+            // to allow user easy go-back action to client's site
+            replace: context.getRequest().path.includes('oauth2')
+        });
     }
 
     resolve(context) {
diff --git a/tests/services/authFlow/PermissionsState.test.js b/tests/services/authFlow/PermissionsState.test.js
index 2826130..239dbe2 100644
--- a/tests/services/authFlow/PermissionsState.test.js
+++ b/tests/services/authFlow/PermissionsState.test.js
@@ -22,7 +22,25 @@ describe('PermissionsState', () => {
 
     describe('#enter', () => {
         it('should navigate to /oauth/permissions', () => {
-            expectNavigate(mock, '/oauth/permissions');
+            context.getRequest.returns({
+                path: '/'
+            });
+
+            expectNavigate(mock, '/oauth/permissions', {
+                replace: false
+            });
+
+            state.enter(context);
+        });
+
+        it('should replace instead of push if current request contains oauth2', () => {
+            context.getRequest.returns({
+                path: '/oauth2'
+            });
+
+            expectNavigate(mock, '/oauth/permissions', {
+                replace: true
+            });
 
             state.enter(context);
         });
diff --git a/tests/services/authFlow/helpers.js b/tests/services/authFlow/helpers.js
index 387c506..7c3ffe3 100644
--- a/tests/services/authFlow/helpers.js
+++ b/tests/services/authFlow/helpers.js
@@ -25,8 +25,12 @@ export function expectState(mock, state) {
     );
 }
 
-export function expectNavigate(mock, route) {
-    return mock.expects('navigate').once().withExactArgs(route);
+export function expectNavigate(mock, route, options) {
+    if (options) {
+        return mock.expects('navigate').once().withExactArgs(route, sinon.match(options));
+    } else {
+        return mock.expects('navigate').once().withExactArgs(route);
+    }
 }
 
 export function expectRun(mock, ...args) {