Fuzz the redirect_uri parameter. (Refer to open redirect)
Test Race Condition in Oauth
Try to change the scope parameter if available
Test the state parameterr like csrf
Report if there is no state parameter