Tags: oauth-2.0, oauth2-server

OAuth2 server redirect URI


My question may seem silly, but I really do not understand: what is the purpose of catching the redirect_uri from the request and comparing it with the URI specified in the clients table? Is it due to a security issue?


Solution

  • Pre-registering redirect URIs is itself a security measure because the authorization requests in OAuth 2.0 are not signed. Attackers could phish the user into clicking a link that would result in an authorization request with a redirect_uri pointing to a site that they control.

    Sending the redirect_uri in the request itself does not serve a security purpose but is just there to let the Authorization Server know where the client wants to receive the authorization response in the case where there are multiple redirect URIs registered for this particular client.

    The redirect_uri parameter is optional by spec anyhow. If there's only one registered, then the redirect_uri parameter may be omitted from the request. If multiple redirect URIs are registered and no redirect URI is provided in the request, the result is unspecified: the AS may pick the first, any one, or none of them.
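As an added illustration (not code from the question or the answer above), here is how an authorization server's authorization endpoint can apply the rule the answer describes: look up the client's pre-registered redirect URIs, use the single registered one when the parameter is omitted, and otherwise accept the requested value only on an exact string match (RFC 6749 section 3.1.2.3). When the check fails, the server answers the user agent directly instead of redirecting (RFC 6749 section 4.1.2.1), so the phishing link the answer mentions never gets a code delivered anywhere. The client table, URLs and function names are constructed for this example; the case of several registered URIs with none requested is rejected here as a design choice, since the example refuses to guess which one the client meant. A second helper shows why exact matching matters by computing which host a naive prefix (`startswith`) check would have sent the code to.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed client registry for this example: client_id -> registered redirect URIs.
# Real servers read this from the "clients table" the question refers to.
CLIENTS = {
    "single-app": ["https://app.example/cb"],
    "multi-app": ["https://app.example/cb", "https://app.example/admin/cb"],
    # A client registered with only an origin, to demonstrate the prefix-match mistake.
    "lax-app": ["https://app.example"],
}


class RedirectUriError(Exception):
    """The requested redirect_uri cannot be trusted. The authorization server
    must then NOT redirect anywhere; it answers the user agent in place."""


def resolve_redirect_uri(client_id, requested=None):
    """Return the URI the authorization response may be sent to.

    - requested omitted, one URI registered  -> that URI
    - requested omitted, several registered  -> error (this example refuses to guess)
    - requested given                        -> accepted only on an exact string match
    """
    registered = CLIENTS.get(client_id)
    if not registered:
        raise RedirectUriError("unknown client_id")
    if requested is None:
        if len(registered) == 1:
            return registered[0]
        raise RedirectUriError("redirect_uri is required: client has several registered")
    # Simple string comparison: no prefix matching, no normalisation, no
    # wildcard. Anything else lets an attacker smuggle in a host or path they control.
    if requested in registered:
        return requested
    raise RedirectUriError("redirect_uri is not registered for this client")


def host_reached_by_prefix_match(client_id, requested):
    """The check exact matching replaces: a naive 'startswith' comparison.
    Returns the host that would receive the authorization code if the naive
    check accepted the URI, or None if even the naive check rejects it."""
    for uri in CLIENTS.get(client_id, []):
        if requested.startswith(uri):
            return urlsplit(requested).hostname
    return None


def handle_authorization_request(query_string):
    """First step of the authorization endpoint: settle where the response may
    go before touching anything else in the request. Returns a dict describing
    what the endpoint does next."""
    params = {k: v[0] for k, v in parse_qs(query_string).items()}
    try:
        target = resolve_redirect_uri(params.get("client_id"), params.get("redirect_uri"))
    except RedirectUriError as exc:
        # Render an error to the user; never bounce the user agent to the bad URI.
        return {"action": "render_error", "detail": str(exc)}
    return {"action": "continue", "redirect_uri": target}


if __name__ == "__main__":
    # The phishing scenario from the answer: an attacker-chosen redirect_uri is refused.
    print(handle_authorization_request(
        "response_type=code&client_id=single-app&redirect_uri=https://evil.example/steal"))
    # Omitting redirect_uri is fine when exactly one URI is registered.
    print(handle_authorization_request("response_type=code&client_id=single-app"))
    # With several registered and none requested, this server does not guess.
    print(handle_authorization_request("response_type=code&client_id=multi-app"))
    # Why the comparison must be exact: a prefix check on "https://app.example"
    # would hand the code to a host the attacker controls.
    bad = "https://app.example.evil.example/cb"
    print(host_reached_by_prefix_match("lax-app", bad))
    print(handle_authorization_request(f"client_id=lax-app&redirect_uri={bad}"))
```

Running the block shows the attacker's URI rejected with `render_error`, the single-registration case resolved without a parameter, and the prefix-match helper reporting `app.example.evil.example` as the host that a `startswith` comparison would have trusted, while `resolve_redirect_uri` refuses the same URI.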