From 9a1ac6227c65296a4751c3e601cc1eb47398a77e Mon Sep 17 00:00:00 2001
From: Christian Weiske <cweiske@cweiske.de>
Date: Fri, 26 Sep 2014 14:32:03 +0200
Subject: Send HTTP 401 on invalid token

---
 lib/tokenstorage.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'lib/tokenstorage.php')

diff --git a/lib/tokenstorage.php b/lib/tokenstorage.php
index f8f0806..4b5f420 100644
--- a/lib/tokenstorage.php
+++ b/lib/tokenstorage.php
@@ -95,12 +95,15 @@ class TokenStorage
         )->fetchRow();
 
         if ($tokenRow === false) {
-            throw new OAuthException('Unknown token: ' . $type . ' / ' . $tokenKey);
+            throw new OAuthException(
+                'Unknown token: ' . $type . ' / ' . $tokenKey,
+                OAUTH_TOKEN_REJECTED
+            );
         }
 
         $token = $this->fromDb($tokenRow);
         if ($token->tokenKey != $tokenKey) {
-            throw new OAuthException('Invalid token');
+            throw new OAuthException('Invalid token', OAUTH_TOKEN_REJECTED);
         }
 
         return $token;
-- 
cgit v1.2.3