diff --git a/oauth3.issuer.js b/oauth3.issuer.js
index 0999403..6d1519f 100644
--- a/oauth3.issuer.js
+++ b/oauth3.issuer.js
@@ -192,8 +192,9 @@ OAUTH3.urls.grants = function (directive, opts) {
   }
 
   var url = OAUTH3.url.resolve(directive.api, grantsDir.url)
-    .replace(/(:azp|:client_id)/g, OAUTH3.uri.normalize(opts.client_id || opts.client_uri))
     .replace(/(:sub|:account_id)/g, opts.session.token.sub || 'ISSUER:GRANT:TOKEN_SUB:UNDEFINED')
+    .replace(/(:azp|:client_id)/g, !opts.all && OAUTH3.uri.normalize(opts.client_id || opts.client_uri) || '')
+    .replace(/\/\/$/, '/') // if there's a double slash due to the sub not existing
     ;
   var data = {
     client_id: opts.client_id
@@ -432,7 +433,7 @@ OAUTH3.authz.grants = function (providerUri, opts) {
     }
     // the responses for GET and POST requests are now the same, so we should alway be able to
     // use the response and save it the same way.
-    if ('GET' !== opts.method && 'POST' !== opts.method) {
+    if (opts.all || ('GET' !== opts.method && 'POST' !== opts.method)) {
       return grants;
     }