From 9a58bc15f668b19439e7fcbf33572117182408b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?I=CC=87smail=20BASKIN?=
Date: Sat, 7 May 2016 17:43:43 +0300
Subject: [PATCH] Include redirect_uri check on authorization endpoint on implicit grant
---
 src/Grant/ImplicitGrant.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php
index 976acefb..634a79cd 100644
--- a/src/Grant/ImplicitGrant.php
+++ b/src/Grant/ImplicitGrant.php
@@ -142,6 +142,11 @@ class ImplicitGrant extends AbstractAuthorizeGrant
 $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
 throw OAuthServerException::invalidClient();
 }
+ } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1
+ || empty($client->getRedirectUri())
+ ) {
+ $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
+ throw OAuthServerException::invalidClient();
 }
 $scopes = $this->validateScopes(
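Review bot: The added `elseif` condition mixes `&&` and `||` without grouping, so a redirect-URI check only works because `&&` binds tighter than `||`. Writing it as `} elseif (empty($client->getRedirectUri()) || (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1)) {` makes the intent explicit and puts the cheap test first. The matching `if` is outside the hunk, so this branch presumably handles a request with no `redirect_uri`. A comment such as `// No redirect_uri supplied: only acceptable when the client has exactly one registered URI.` would record why zero or several registered URIs are rejected. The branch also emits `CLIENT_AUTHENTICATION_FAILED` and throws `invalidClient()` for what is a missing request parameter, so anyone alerting on that event will see these mixed in with real client-authentication failures; consider whether this case should be reported separately.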