From 5ee1583c5b4ba9787403470bc6f6aec3843e3144 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Tue, 28 Jun 2016 09:03:01 +0100
Subject: [PATCH] Ensure state is in access denied redirect. Fixes #597
---
 src/Grant/AuthCodeGrant.php | 7 ++++++-
 src/Grant/ImplicitGrant.php | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index 5f736709a..aba20aea1 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -335,7 +335,12 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization
 // The user denied the client, redirect them back with an error
 throw OAuthServerException::accessDenied(
 'The user denied the request',
- $finalRedirectUri
+ $this->makeRedirectUri(
+ $finalRedirectUri,
+ [
+ 'state' => $authorizationRequest->getState(),
+ ]
+ )
 );
 }
 }
diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php
index 976acefbb..6f4151641 100644
--- a/src/Grant/ImplicitGrant.php
+++ b/src/Grant/ImplicitGrant.php
@@ -207,7 +207,12 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization
 // The user denied the client, redirect them back with an error
 throw OAuthServerException::accessDenied(
 'The user denied the request',
- $finalRedirectUri
+ $this->makeRedirectUri(
+ $finalRedirectUri,
+ [
+ 'state' => $authorizationRequest->getState(),
+ ]
+ )
 );
 }
 }
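Review bot: In the AuthCodeGrant.php hunk `'state' => $authorizationRequest->getState()` is added unconditionally, so an authorization request that carried no `state` passes an empty (presumably null) value into `makeRedirectUri()`, and what URI results depends on that helper, which is outside the hunk. RFC 6749 §4.1.2.1 asks for `state` in the error response only when the client sent one, so I would build the array conditionally: `$state = $authorizationRequest->getState();` then `$state !== null ? ['state' => $state] : []`. Clients use `state` to tie the callback to the session that started the flow, so a test asserting that the denial redirect returns the exact value, URL-encoded, is worth adding; the diffstat lists only the two src files. The ImplicitGrant.php hunk has the same code and the same gap. The body of completeAuthorizationRequest() starts and ends outside both hunks.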
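Review bot: In the ImplicitGrant.php hunk `makeRedirectUri()` is called with only the URI and the parameter array, so `state` is presumably appended with the helper's default delimiter, i.e. in the query string rather than the fragment. For the implicit grant, RFC 6749 §4.2.2.1 places the error-response parameters, `state` included, in the fragment component of the redirection URI, and a client that reads only the fragment would not see the value and could not match the denial to the request it started. If the helper accepts a delimiter argument (its signature is not visible in this hunk), passing `'#'` as the third argument here would keep the denial path consistent with the success path. It is also worth confirming how `OAuthServerException` then appends `error` to a URI that already carries a fragment.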