diff --git a/internal/oauth/authorize.go b/internal/oauth/authorize.go
index b42fd3c..a2fe10e 100644
--- a/internal/oauth/authorize.go
+++ b/internal/oauth/authorize.go
@@ -61,5 +61,14 @@ func (h *OAuthHandler) AuthorizeClient(w http.ResponseWriter, r *http.Request) {
 }
 }
+ if !slices.Contains(client.RedirectUris, redirectUri) {
+ uri := fmt.Sprintf("%s?error=invalid_request&error_description=Redirect+URI+is+not+allowed", redirectUri)
+ if state != "" {
+ uri += "&state=" + state
+ }
+ http.Redirect(w, r, uri, http.StatusFound)
+ return
+ }
+ http.Redirect(w, r, fmt.Sprintf("/auth?%s", r.URL.Query().Encode()), http.StatusFound)
 }
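Review bot: The new branch redirects the user-agent to `redirectUri` right after establishing that it is not one of the client's registered URIs, which is an open redirect: the check rejects the value and then sends the browser (with `state` attached) to it anyway, whereas RFC 6749 §4.1.2.1 requires the authorization server not to redirect to a mismatched redirect URI and to report the error to the resource owner directly. Replace the body of the `if` with a direct response, e.g. `http.Error(w, "invalid_request: redirect URI is not allowed", http.StatusBadRequest)` followed by `return`, and drop the `uri` construction entirely; it is also built without `url.QueryEscape` on `state` and assumes `redirectUri` carries no query string of its own. The exact-match check via `slices.Contains` is the right shape (no prefix or substring matching), so only the failure path needs to change. AuthorizeClient starts outside the hunk, so I am assuming `redirectUri` and `state` were read from the request above; the `/auth` redirect on the last line re-encodes the query through `r.URL.Query().Encode()`, which is fine as long as that path is only reached after this check.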