From a103953636e9e2d5cc070ba1ba9ad42b36ed8bfa Mon Sep 17 00:00:00 2001
From: Arie Timmerman
Date: Mon, 27 Jan 2020 19:32:49 +0100
Subject: [PATCH 1/3] Return invalid_grant error when the authorization code is revoked
---
 src/Grant/AuthCodeGrant.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index 0020eb1d9..33711ef8f 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -200,7 +200,7 @@ private function validateAuthorizationCode(
 }
 
 if ($this->authCodeRepository->isAuthCodeRevoked($authCodePayload->auth_code_id) === true) {
- throw OAuthServerException::invalidRequest('code', 'Authorization code has been revoked');
+ throw OAuthServerException::invalidGrant('Authorization code has been revoked');
 }
 
 if ($authCodePayload->client_id !== $client->getIdentifier()) {
From caedd1c9c8b0842c710427250928b30bc4a65455 Mon Sep 17 00:00:00 2001
From: Arie Timmerman
Date: Tue, 28 Jan 2020 21:58:19 +0100
Subject: [PATCH 2/3] Added test
---
 tests/Grant/AuthCodeGrantTest.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/Grant/AuthCodeGrantTest.php b/tests/Grant/AuthCodeGrantTest.php
index 45c1e4914..051c4f267 100644
--- a/tests/Grant/AuthCodeGrantTest.php
+++ b/tests/Grant/AuthCodeGrantTest.php
@@ -1174,6 +1174,7 @@ public function testRespondToAccessTokenRequestRevokedCode()
 $grant->respondToAccessTokenRequest($request, new StubResponseType(), new DateInterval('PT10M'));
 } catch (OAuthServerException $e) {
 $this->assertEquals($e->getHint(), 'Authorization code has been revoked');
+ $this->assertEquals($e->getErrorType(), 'invalid_grant');
 }
 }
 
From 492508973e9a31748c714bed1609b9ff83283bd4 Mon Sep 17 00:00:00 2001
From: Andrew Millington
Date: Fri, 31 Jan 2020 22:32:15 +0000
Subject: [PATCH 3/3] Update changelog
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 20f91b740..0e006dd4d 100644
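Review bot: Only the revoked-code branch is switched to invalidGrant; the client-id mismatch check on the hunk's last context line (its throw is outside the hunk) and, presumably, the expiry check earlier in validateAuthorizationCode still raise invalidRequest, which the changelog entry in patch 3 describes as an HTTP 401 rather than the 400 that invalid_grant produces. RFC 6749 §5.2 classes an expired, revoked or wrong-client authorization code alike as invalid_grant, and a uniform error type and status across those checks keeps the token endpoint from signalling which check rejected a given code. The same substitution fits those branches, i.e. `throw OAuthServerException::invalidGrant(<existing hint text>);`, bearing in mind that invalidGrant takes no parameter name, so the hint is the only detail the response carries. validateAuthorizationCode begins before and ends after this hunk.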
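Review bot: The new getErrorType() assertion, like the getHint() one above it, runs only inside the catch block, and nothing after the respondToAccessTokenRequest call fails the test when no exception is thrown, so testRespondToAccessTokenRequestRevokedCode would pass (at most flagged as risky) if the revoked-code check were ever dropped; add `$this->fail('Expected OAuthServerException for a revoked code');` as the last statement of the try block. Both assertEquals calls also pass the actual value first, whereas PHPUnit's convention is expected first and assertSame for strings, e.g. `$this->assertSame('invalid_grant', $e->getErrorType());`. The try statement and the test method start before the hunk.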
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,7 +13,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Added support for PHP 7.4 (PR #1075)
 
 ### Fixed (v9)
-- If a refresh token has expired, been revoked, cannot be decrypted, or does not belong to the correct client, the server will now issue an `invalid_grant` error and a HTTP 400 response. In previous versions the server incorrectly issued an `invalid_request` and HTTP 401 response (PR #1042)
+- If a refresh token has expired, been revoked, cannot be decrypted, or does not belong to the correct client, the server will now issue an `invalid_grant` error and a HTTP 400 response. In previous versions the server incorrectly issued an `invalid_request` and HTTP 401 response (PR #1042) (PR #1082)
 
 ### Changed
 - If an error is encountered when running `preg_match()` to validate an RSA key, the server will now throw a RuntimeException (PR #1047)