/** * @param \OAuth2\Token\AuthCodeInterface $authCode * @param \OAuth2\Client\ClientInterface $client * * @throws \OAuth2\Exception\BaseExceptionInterface */ protected function checkAuthCode(AuthCodeInterface $authCode, ClientInterface $client) { if ($client->getPublicId() !== $authCode->getClientPublicId()) { throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, "Code doesn't exist or is invalid for the client."); } if ($authCode->hasExpired()) { throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, 'The authorization code has expired.'); } }