oroinc / oauth2-server

500 error on "Authorization Code" flow since upgrade from 4.2.0 to 4.2.4 #3

Open DRoppelt opened 3 years ago

DRoppelt commented 3 years ago

Hi,

We have updated some dependencies in our orocommerce application and now face issues with the oauth2 "Authorization Code" flow. Logins are not possible and hit a 500 error.

Summary

We updated "oro/oauth2-server" from 4.2.0 to 4.2.4 (https://github.com/oroinc/oauth2-server/compare/4.2.0...4.2.4) and now get a "500 internal server error" when visiting https://orocommerce.local/oauth2-token/login

Steps to reproduce

Actual Result

500 error

Expected Result
Not 500 error, get a login-screen

Details about your environment

Additional information
Logs in var/logs/prod.log

[2021-08-09 19:57:39] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2021-08-09 19:57:39] request.INFO: Matched route "oro_oauth2_server_frontend_login_form". {"route":"oro_oauth2_server_frontend_login_form","route_parameters":{"_route":"oro_oauth2_server_frontend_login_form","type":"frontend","_controller":"Oro\\Bundle\\OAuth2ServerBundle\\Controller\\LoginController::loginAction"},"request_uri":"https://dev.vinnoplace.com/oauth2-token/login","method":"GET"} []
[2021-08-09 19:57:39] request.CRITICAL: Uncaught PHP Exception Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException: "Service "oro_oauth2_server.client_manager" not found: even though it exists in the app's container, the container inside "Oro\Bundle\OAuth2ServerBundle\Controller\LoginController" is a smaller service locator that only knows about the "Symfony\Component\Security\Csrf\CsrfTokenManagerInterface", "Symfony\Component\Security\Http\Authentication\AuthenticationUtils", "doctrine", "form.factory", "http_kernel", "parameter_bag", "request_stack", "router", "security.authorization_checker", "security.csrf.token_manager", "security.token_storage", "serializer", "session", "templating" and "twig" services. Try using dependency injection instead." at /var/www/orocommerce/vendor/symfony/dependency-injection/ServiceLocator.php line 129 {"exception":"[object] (Symfony\\Component\\DependencyInjection\\Exception\\ServiceNotFoundException(code: 0): Service \"oro_oauth2_server.client_manager\" not found: even though it exists in the app's container, the container inside \"Oro\\Bundle\\OAuth2ServerBundle\\Controller\\LoginController\" is a smaller service locator that only knows about the \"Symfony\\Component\\Security\\Csrf\\CsrfTokenManagerInterface\", \"Symfony\\Component\\Security\\Http\\Authentication\\AuthenticationUtils\", \"doctrine\", \"form.factory\", \"http_kernel\", \"parameter_bag\", \"request_stack\", \"router\", \"security.authorization_checker\", \"security.csrf.token_manager\", \"security.token_storage\", \"serializer\", \"session\", \"templating\" and \"twig\" services. Try using dependency injection instead. at /var/www/orocommerce/vendor/symfony/dependency-injection/ServiceLocator.php:129)"} []

I believe that this change is the culprit:

[image: grafik]

(taken from here https://github.com/oroinc/oauth2-server/compare/4.2.0...4.2.4 )

DRoppelt commented 3 years ago

I have hotfixed it as follows, but it does not seem to be the right/clean solution.

Index: vendor/oro/oauth2-server/src/Oro/Bundle/OAuth2ServerBundle/Controller/LoginController.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/vendor/oro/oauth2-server/src/Oro/Bundle/OAuth2ServerBundle/Controller/LoginController.php b/vendor/oro/oauth2-server/src/Oro/Bundle/OAuth2ServerBundle/Controller/LoginController.php
--- a/vendor/oro/oauth2-server/src/Oro/Bundle/OAuth2ServerBundle/Controller/LoginController.php (revision 8e5ef0fc75949eceebdacfcdcfc9d38664c9d8b0)
+++ b/vendor/oro/oauth2-server/src/Oro/Bundle/OAuth2ServerBundle/Controller/LoginController.php (revision bc6230cc0e6ce8a3f7450fa86a160f6a001a5576)
@@ -4,6 +4,7 @@

 use Doctrine\Persistence\ManagerRegistry;
 use Oro\Bundle\OAuth2ServerBundle\Entity\Client;
+use Oro\Bundle\OAuth2ServerBundle\Entity\Manager\ClientManager;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -23,6 +24,7 @@
         return array_merge(parent::getSubscribedServices(), [
             CsrfTokenManagerInterface::class,
             AuthenticationUtils::class,
+            ClientManager::class,
             'doctrine' => ManagerRegistry::class
         ]);
     }
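Review bot: the new ClientManager::class entry in getSubscribedServices() has no key, so the locator resolves it by type, and that only works if the container exposes a service or alias under the ClientManager class name. The exception in the log names the service as oro_oauth2_server.client_manager, so confirm that such an alias exists; otherwise bind the key to that id with a container.service_subscriber tag (key and id attributes) on the controller's service definition.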
@@ -85,6 +87,6 @@
      */
     private function getClient(string $clientId): ?Client
     {
-        return $this->get('oro_oauth2_server.client_manager')->getClient($clientId);
+        return $this->get(ClientManager::class)->getClient($clientId);
     }
 }
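Review bot: getClient() still fetches the manager from the locator at call time, so the key passed to get() has to match the getSubscribedServices() entry exactly, and any mismatch only surfaces as a 500 on the login route, which is the failure shown in the log. Injecting ClientManager through the controller's constructor, as the exception message suggests ("Try using dependency injection instead"), would move that failure to container compilation. The patched file also sits under vendor/, so the edit is lost on the next Composer install unless it is carried as a patch or fixed upstream.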