From de273611b2dfd192f9ebd8d89281bb6a092f216a Mon Sep 17 00:00:00 2001
From: Paul Mehrer
Date: Wed, 31 Jul 2024 18:16:18 +0200
Subject: [PATCH] AuthCodeGrant throws invalidGrant exception if code is
provided but invalid
---
src/Grant/AuthCodeGrant.php | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index 8a24a8e95..36c6035d4 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -113,9 +113,17 @@ public function respondToAccessTokenRequest(
try {
$authCodePayload = json_decode($this->decrypt($encryptedAuthCode));
+ } catch (LogicException) {
+ throw OAuthServerException::invalidGrant('Cannot decrypt the authorization code');
+ }
+ try {
$this->validateAuthorizationCode($authCodePayload, $client, $request);
+ } catch (LogicException) {
+ throw OAuthServerException::invalidGrant('Invalid authorization code');
+ }
+ try {
$scopes = $this->scopeRepository->finalizeScopes(
$this->validateScopes($authCodePayload->scopes),
$this->getIdentifier(),
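Review bot: The two new `catch (LogicException)` blocks after the decrypt and validateAuthorizationCode calls discard the caught exception, whereas the line they replace in the second hunk forwarded it as the `$previous` argument, so the root cause of a decrypt failure disappears from the exception chain that server-side logging relies on. Keeping the variable is a one-token change per block: `} catch (LogicException $e) {` and `throw OAuthServerException::invalidGrant('Cannot decrypt the authorization code', $e);`, assuming invalidGrant accepts a previous throwable the way invalidRequest does; the catch in the second hunk has the same omission. Separately, json_decode() is called without JSON_THROW_ON_ERROR, so a payload that decrypts successfully but is not valid JSON yields null rather than an exception, bypasses the first catch, and reaches validateAuthorizationCode() as null — if that parameter is typed this surfaces as a TypeError instead of the intended invalid_grant response, so a null check or the throw flag before the second try is warranted. respondToAccessTokenRequest() begins and ends outside this hunk.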
@@ -123,8 +131,8 @@ public function respondToAccessTokenRequest(
$authCodePayload->user_id,
$authCodePayload->auth_code_id
);
- } catch (LogicException $e) {
- throw OAuthServerException::invalidRequest('code', 'Cannot decrypt the authorization code', $e);
+ } catch (LogicException) {
+ throw OAuthServerException::invalidGrant('Scopes payload could not be processed');
}
$codeVerifier = $this->getRequestParameter('code_verifier', $request);