redirect_uri in authorize request is not validated

[poef]

If you register a client with redirect_uris: [ x ], then send an authorize/ request with redirect_uri: y, the request is accepted, and you get redirected to x.

I think it is better if the request is denied, because the redirect_uri is not part of the list in the registration.