Reject requests missing redirect_uri when client has multiple redirect_uris
tekul opened this issue · comments
OP should reject authorization request missing redirect_uri when client has more than one registered.
OP test OP-J-02 fails.
See OAuth 3.1.2.3.