Most error cases in AuthCodeGrant::validateAuthorizationRequest doesn't redirect back to client even when client_id is specified.

For example when using "Authorization code grant" and client sends query with
response_type=code&client_id=existing&redirect_uri=https://... I would expect that it would get redirected back with error so client would know they're doing something wrong.

But for most errors there are no redirects, also even with response_type=invalid&client_id=existing I would want it to be redirected back.

See https://www.oauth.com/oauth2-servers/server-side-apps/possible-errors/