From 80699bda1a773c0fe3f8355f7ded12b8f93d446b Mon Sep 17 00:00:00 2001
From: sephster
Date: Tue, 8 Dec 2020 23:23:09 +0000
Subject: [PATCH 1/2] Revert enforcing of client redirect uri
---
 src/Grant/AbstractGrant.php | 2 +-
 src/Grant/AuthCodeGrant.php | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index ead94db72..c4797292a 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -216,7 +216,7 @@ protected function getClientEntityOrFail($clientId, ServerRequestInterface $requ
 {
 $client = $this->clientRepository->getClientEntity($clientId);
- if ($client instanceof ClientEntityInterface === false || empty($client->getRedirectUri())) {
+ if ($client instanceof ClientEntityInterface === false) {
 $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
 throw OAuthServerException::invalidClient($request);
 }
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index 0f4211172..5cce97e51 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -261,7 +261,8 @@ public function validateAuthorizationRequest(ServerRequestInterface $request)
 if ($redirectUri !== null) {
 $this->validateRedirectUri($redirectUri, $client, $request);
- } elseif (\is_array($client->getRedirectUri()) && \count($client->getRedirectUri()) !== 1) {
+ } elseif (empty($client->getRedirectUri()) ||
+ (\is_array($client->getRedirectUri()) && \count($client->getRedirectUri()) !== 1)) {
 $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
 throw OAuthServerException::invalidClient($request);
From cd43b4a2bdcf6afeb066cfc7e5f0370ac1122f71 Mon Sep 17 00:00:00 2001
From: sephster
Date: Wed, 9 Dec 2020 12:00:23 +0000
Subject: [PATCH 2/2] Update changelog
---
 CHANGELOG.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
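Review bot: In src/Grant/AbstractGrant.php, getClientEntityOrFail() no longer rejects a client whose getRedirectUri() is empty, and nothing at the changed condition tells callers that this guarantee is gone. Every grant that calls this helper and later redirects now has to enforce registration itself; the AuthCodeGrant hunk in this patch does so for one branch, but other callers are not visible here and should be confirmed. I would add a comment above the condition such as `// Does not check that the client has a registered redirect URI; grants that redirect must enforce that themselves.` The function's signature appears only in the hunk header and its body continues past the hunk.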
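Review bot: In src/Grant/AuthCodeGrant.php, the re-added `empty($client->getRedirectUri())` guard sits only on the `elseif` branch, so a request that supplies `redirect_uri` for a client with no registered URI is decided entirely by validateRedirectUri(), whose body is not in this hunk. If that method does not fail closed on an empty registration, the authorization response could be sent to an unregistered URI, so a regression test for that case (client with empty redirect URI, request carrying redirect_uri, expecting invalidClient) would pin the behaviour. Separately, the condition calls getRedirectUri() three times; reading it once before the `if`, `$registeredUris = $client->getRedirectUri();`, would make the two-line condition easier to audit. validateAuthorizationRequest() starts and ends outside the hunk.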
diff --git a/CHANGELOG.md b/CHANGELOG.md
index aa6452c95..d8a75bf26 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,10 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 ## [Unreleased]
+## [8.2.4] - released 2020-12-09
+### Fixed
+- Reverted the enforcement of at least one redirect_uri for a client. This change has instead been moved to version 9 (PR #1169)
+
 ## [8.2.3] - released 2020-12-02
 ### Added
 - Re-added support for PHP 7.2 (PR #1165, #1167)
@@ -522,7 +526,8 @@ Version 5 is a complete code rewrite.
 - First major release
-[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/8.2.3...HEAD
+[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/8.2.4...HEAD
+[8.2.4]: https://github.com/thephpleague/oauth2-server/compare/8.2.3...8.2.4
 [8.2.3]: https://github.com/thephpleague/oauth2-server/compare/8.2.2...8.2.3
 [8.2.2]: https://github.com/thephpleague/oauth2-server/compare/8.2.1...8.2.2
 [8.2.1]: https://github.com/thephpleague/oauth2-server/compare/8.2.0...8.2.1