diff --git a/src/Controller/AuthorizationController.php b/src/Controller/AuthorizationController.php
index da56eef5..07f12bbd 100644
--- a/src/Controller/AuthorizationController.php
+++ b/src/Controller/AuthorizationController.php
@@ -111,7 +111,7 @@ public function indexAction(Request $request): Response
 $response = $this->server->completeAuthorizationRequest($authRequest, $serverResponse);
 } catch (OAuthServerException $e) {
- $response = $e->generateHttpResponse($serverResponse);
+ $response = $e->generateHttpResponse($serverResponse, str_contains($e->getRedirectUri() ?? '', '#'));
 }
 return $this->httpFoundationFactory->createResponse($response);
diff --git a/tests/Acceptance/AuthorizationEndpointTest.php b/tests/Acceptance/AuthorizationEndpointTest.php
index 7b82ad4c..7c0c999b 100644
--- a/tests/Acceptance/AuthorizationEndpointTest.php
+++ b/tests/Acceptance/AuthorizationEndpointTest.php
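Review bot: The fragment-versus-query decision on the `+` line is made by sniffing the exception's redirect URI for `#`, and nothing at the call site explains why that is a reliable signal. If I read the library correctly, the implicit grant builds the redirect URI it hands to `OAuthServerException` with `#` as the delimiter (so it already reads `...#state=...`) while the authorization-code grant uses `?`; the new second argument then keeps the error and state parameters in the fragment, as RFC 6749 §4.2.2.1 requires, instead of appending `?error=...` after an existing fragment. A short comment would stop the next maintainer from "simplifying" it away, e.g. `// The implicit grant's redirect URI already carries a '#'-delimited fragment; deliver the error parameters there too (RFC 6749 §4.2.2.1) rather than as a query string.` A registered redirect URI that itself contains a fragment would also take this path, which is tolerable because RFC 6749 §3.1.2 forbids fragments in redirection URIs, but deciding from the request's `response_type` would be the more explicit option if that value is at hand in indexAction, whose body begins and ends outside the hunk.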
@@ -474,4 +474,33 @@ public function testFailedAuthorizeRequest(): void
 $this->assertSame('The authorization grant type is not supported by the authorization server.', $jsonResponse['error_description']);
 $this->assertSame('Check that all required parameters have been provided', $jsonResponse['hint']);
 }
+
+ public function testUnathorizedImplicitRequest(): void
+ {
+ $this->loginUser();
+
+ $this->client->request(
+ 'GET',
+ '/authorize',
+ [
+ 'client_id' => FixtureFactory::FIXTURE_CLIENT_FIRST,
+ 'response_type' => 'token',
+ 'state' => 'foobar',
+ ]
+ );
+
+ $response = $this->client->getResponse();
+
+ $this->assertSame(302, $response->getStatusCode());
+ $redirectUri = $response->headers->get('Location');
+
+ $this->assertStringStartsWith(FixtureFactory::FIXTURE_CLIENT_FIRST_REDIRECT_URI, $redirectUri);
+ $fragment = [];
+ parse_str(parse_url($redirectUri, \PHP_URL_FRAGMENT), $fragment);
+ $this->assertArrayHasKey('error', $fragment);
+ $this->assertArrayHasKey('error_description', $fragment);
+ $this->assertArrayHasKey('state', $fragment);
+ $this->assertEquals('access_denied', $fragment['error']);
+ $this->assertEquals('foobar', $fragment['state']);
+ }
 }
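Review bot: `parse_url($redirectUri, \PHP_URL_FRAGMENT)` returns `null` when the Location header carries no fragment, so a regression back to query-string delivery would surface as a `TypeError` from `parse_str` (under `strict_types`) or a deprecation notice rather than a readable assertion failure; assert the fragment first, e.g. `$rawFragment = parse_url($redirectUri, \PHP_URL_FRAGMENT);` / `$this->assertIsString($rawFragment, 'implicit-grant errors must be returned in the fragment');` / `parse_str($rawFragment, $fragment);`. The method name `testUnathorizedImplicitRequest` has a typo (`Unauthorized`), and the two `assertEquals` calls on plain strings would more precisely be `assertSame`. The test checks that `error_description` is present but never its value; pinning it, as `testFailedAuthorizeRequest` above does, would make the message part of the tested contract.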