public function test_denyAuthorizationRequest_code_token_state()
 {
     $server = array();
     $params = array('response_type' => 'code token', 'client_id' => 'valid_client_id', 'redirect_uri' => 'http://valid_redirect_uri/', 'scope' => 'valid_scope', 'state' => 'valid_state');
     $request = new Akita_OAuth2_Server_Request('authorization', $server, $params);
     $dataHandler = new DataHandler_AuthorizationHandler_Test($request, null, null);
     $authHandler = new Akita_OAuth2_Server_AuthorizationHandler();
     try {
         $res = $authHandler->denyAuthorizationRequest($dataHandler);
         $this->assertEquals('access_denied', $res['fragment']['error']);
         $this->assertEquals('valid_state', $res['fragment']['state']);
     } catch (Akita_OAuth2_Server_Error $error) {
         $this->assertTrue(false, $error->getMessage());
     }
 }
    $request = unserialize($_SESSION['server_request']);
    unset($_SESSION['server_request']);
    unset($_SESSION['server_ts']);
    unset($_SESSION['server_key']);
} else {
    // error handling
    $error = new Akita_OAuth2_Server_Error('400', 'invalid_request');
    include './tmpl/error.html';
    exit;
}
$dataHandler = new Akita_OAuth2_Server_Sample_DataHandler($request);
$dataHandler->setUserId($email);
$authHandler = new Akita_OAuth2_Server_AuthorizationHandler();
try {
    if (isset($_GET['deny']) && $_GET['deny'] == '1') {
        $res = $authHandler->denyAuthorizationRequest($dataHandler);
    } else {
        $res = $authHandler->allowAuthorizationRequest($dataHandler);
    }
} catch (Akita_OAuth2_Server_Error $error) {
    // error handling
    include './tmpl/error.html';
    exit;
}
// build response
$redirect_uri = $res['redirect_uri'];
if (!empty($res['query'])) {
    $redirect_uri .= strpos($redirect_uri, '?') === false ? '?' : '&';
    $redirect_uri .= http_build_query($res['query']);
}
if (!empty($res['fragment'])) {