diff --git a/crates/ezidam/src/routes/oauth.rs b/crates/ezidam/src/routes/oauth.rs
index 799c165..4d4f8f9 100644
--- a/crates/ezidam/src/routes/oauth.rs
+++ b/crates/ezidam/src/routes/oauth.rs
@@ -161,12 +161,25 @@ async fn authorize(
     AuthorizationCodes::insert(&mut transaction, code.as_ref(), app.id(), user.id()).await?;
     transaction.commit().await?;
 
-    // TODO: put code, state (if present)
+    // Construct uri to redirect to
+    let uri = {
+        let uri_mode = match auth_request.response_mode {
+            ResponseMode::Query => "?",
+            ResponseMode::Fragment => "#",
+        };
 
-    // TODO: handle query, fragment, and form post
-    Ok(Either::Left(Redirect::found(
-        app.redirect_uri().to_string(),
-    )))
+        // Redirect + authorization code
+        let uri = format!("{}{}code={}", app.redirect_uri(), uri_mode, code.as_ref());
+
+        // Add state if present
+        if auth_request.state.is_empty() {
+            uri
+        } else {
+            format!("{}&state={}", uri, auth_request.state)
+        }
+    };
+
+    Ok(Either::Left(Redirect::found(uri)))
 }
 
 // TODO: oauth redirect route for ezidam