Merge pull request #1230 from marc-mabe/user-credentials-error

Respond with helpful and spec complient error on invalid user credentials

src/Exception/OAuthServerException.php

@@ -189,7 +189,7 @@ public static function invalidScope($scope, $redirectUri = null)
      */
     public static function invalidCredentials()
     {
-        return new static('The user credentials were incorrect.', 6, 'invalid_credentials', 401);
+        return new static('The user credentials were incorrect.', 6, 'invalid_grant', 400);
     }
 
     /**

src/Grant/PasswordGrant.php

@@ -106,7 +106,7 @@ protected function validateUser(ServerRequestInterface $request, ClientEntityInt
         if ($user instanceof UserEntityInterface === false) {
             $this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));
 
-            throw OAuthServerException::invalidGrant();
+            throw OAuthServerException::invalidCredentials();
         }
 
         return $user;

tests/Exception/OAuthServerExceptionTest.php

@@ -137,4 +137,11 @@ public function testCanGetRedirectionUri()
 
         $this->assertSame('https://example.com/error', $exceptionWithRedirect->getRedirectUri());
     }
+
+    public function testInvalidCredentialsIsInvalidGrant()
+    {
+        $exception = OAuthServerException::invalidCredentials();
+
+        $this->assertSame('invalid_grant', $exception->getErrorType());
+    }
 }

tests/Grant/PasswordGrantTest.php

@@ -211,7 +211,7 @@ public function testRespondToRequestBadCredentials()
         $responseType = new StubResponseType();
 
         $this->expectException(\League\OAuth2\Server\Exception\OAuthServerException::class);
-        $this->expectExceptionCode(10);
+        $this->expectExceptionCode(6);
 
         $grant->respondToAccessTokenRequest($serverRequest, $responseType, new DateInterval('PT5M'));
     }