500 error on "Authorization Code" flow since upgrade from 4.2.0 to 4.2.4

[DRoppelt]

Hi,

we have updated some dependencies in our orocommerce application and face issues with oauth2 "Authorization Code" flow now. Logins are not possible and hit a 500 error

Summary

We updated "oro/oauth2-server" from 4.2.0 to 4.2.4 (4.2.0...4.2.4) and now get a "500 internal server error" when vising https://orocommerce.local/oauth2-token/login

Steps to reproduce

• have an orocommerce setup with 4.2.X where "oro/oauth2-server:4.2.4" is used
• Storefront Oauth2 Application is setup with type Authorization Code
• visit orocommerce with an oauth2 URL (matching client and redirect uri), i.e https://orocommerce.local/oauth2-token/authorize?response_type=code&client_id=-UF69HzSGkVYfSKXfAr8c6AWGUztsztu&scope=user&state=qNuVKvpht0R-u6CLe1RVXypj2z-Lw776cgpMirZZbtY=&redirect_uri=https://myservuce.local/login/oauth2/code/orocommerce
  -- just visiting https://orocommerce.local/oauth2-token/login seems to cause the 500 too
• error does not occur if user already has a valid session of the storefront

Actual Result

500 error

Expected Result
Not 500 error, get a login-screen

Details about your environment

• OroPlatform version: 4.2.5
• PHP version: 7.4.19
• Database (MySQL, PostgreSQL) version

Additional information
Logs in var/logs/prod.log

[2021-08-09 19:57:39] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2021-08-09 19:57:39] request.INFO: Matched route "oro_oauth2_server_frontend_login_form". {"route":"oro_oauth2_server_frontend_login_form","route_parameters":{"_route":"oro_oauth2_server_frontend_login_form","type":"frontend","_controller":"Oro\\Bundle\\OAuth2ServerBundle\\Controller\\LoginController::loginAction"},"request_uri":"https://dev.vinnoplace.com/oauth2-token/login","method":"GET"} []
[2021-08-09 19:57:39] request.CRITICAL: Uncaught PHP Exception Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException: "Service "oro_oauth2_server.client_manager" not found: even though it exists in the app's container, the container inside "Oro\Bundle\OAuth2ServerBundle\Controller\LoginController" is a smaller service locator that only knows about the "Symfony\Component\Security\Csrf\CsrfTokenManagerInterface", "Symfony\Component\Security\Http\Authentication\AuthenticationUtils", "doc
trine", "form.factory", "http_kernel", "parameter_bag", "request_stack", "router", "security.authorization_checker", "security.csrf.token_manager", "security.token_storage", "serializer", "session", "templating" and "twig" services. Try using dependency injection instead." at /var/www/orocommerce/vendor/symfony/dependency-injection/ServiceLocator.php line 129 {"exception":"[object] (Symfony\\Component\\DependencyInjection\\Exception\\ServiceNotFoundException(code: 0): Service \"oro_oauth2_server.client_
manager\" not found: even though it exists in the app's container, the container inside \"Oro\\Bundle\\OAuth2ServerBundle\\Controller\\LoginController\" is a smaller service locator that only knows about the \"Symfony\\Component\\Security\\Csrf\\CsrfTokenManagerInterface\", \"Symfony\\Component\\Security\\Http\\Authentication\\AuthenticationUtils\", \"doctrine\", \"form.factory\", \"http_kernel\", \"parameter_bag\", \"request_stack\", \"router\", \"security.authorization_checker\", \"security.csrf.token
_manager\", \"security.token_storage\", \"serializer\", \"session\", \"templating\" and \"twig\" services. Try using dependency injection instead. at /var/www/orocommerce/vendor/symfony/dependency-injection/ServiceLocator.php:129)"} []

I believe that this change is the cuplrit:

(taken from here 4.2.0...4.2.4 )

[DRoppelt]

I have hotfixed it as following, but it does not seem to be the right/clean solution.

Index: vendor/oro/oauth2-server/src/Oro/Bundle/OAuth2ServerBundle/Controller/LoginController.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/vendor/oro/oauth2-server/src/Oro/Bundle/OAuth2ServerBundle/Controller/LoginController.php b/vendor/oro/oauth2-server/src/Oro/Bundle/OAuth2ServerBundle/Controller/LoginController.php
--- a/vendor/oro/oauth2-server/src/Oro/Bundle/OAuth2ServerBundle/Controller/LoginController.php	(revision 8e5ef0fc75949eceebdacfcdcfc9d38664c9d8b0)
+++ b/vendor/oro/oauth2-server/src/Oro/Bundle/OAuth2ServerBundle/Controller/LoginController.php	(revision bc6230cc0e6ce8a3f7450fa86a160f6a001a5576)
@@ -4,6 +4,7 @@
 
 use Doctrine\Persistence\ManagerRegistry;
 use Oro\Bundle\OAuth2ServerBundle\Entity\Client;
+use Oro\Bundle\OAuth2ServerBundle\Entity\Manager\ClientManager;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -23,6 +24,7 @@
         return array_merge(parent::getSubscribedServices(), [
             CsrfTokenManagerInterface::class,
             AuthenticationUtils::class,
+            ClientManager::class,
             'doctrine' => ManagerRegistry::class
         ]);
     }
@@ -85,6 +87,6 @@
      */
     private function getClient(string $clientId): ?Client
     {
-        return $this->get('oro_oauth2_server.client_manager')->getClient($clientId);
+        return $this->get(ClientManager::class)->getClient($clientId);
     }
 }