Hi Lorna,
Applications should also have a registered redirect_uri too if you’re following the OAuth 2.0 spec.
I’ve created a OAuth 2.0 auth server, resource server and client for CodeIgniter:
https://github.com/alexbilbie/CodeIgniter-OAuth-2.0-Server
Cheers,
Alex