Consistent json_decode() usage across grant types

[GameplayJDK]

Hello everyone,

I hope you're all fine. I'll get straight to it:

While implementing authentication through the league/oauth2-server package, I've noticed that the \json_decode() calls are not consistent across grant types. Ok, so it actually only makes two occurrences in the whole codebase, but I stumbled upon this by accident and as I'm kind of "have a thing" for very strict consistency to put it mildly, I thought I might also report this.

• First occurrence in src/Grant/AuthCodeGrant.php:

            $authCodePayload = \json_decode($this->decrypt($encryptedAuthCode));

            // Some stdClass usage is hiding in here...
            $this->validateAuthorizationCode($authCodePayload, $client, $request);

            $scopes = $this->scopeRepository->finalizeScopes(
                $this->validateScopes($authCodePayload->scopes),

• Second occurrence in src/Grant/RefreshTokenGrant.php:

        $refreshTokenData = \json_decode($refreshToken, true);
        if ($refreshTokenData['client_id'] !== $clientId) {

One of these uses the stdClass, while the other is using the associative array.

Is there a reason for this difference? In case there is no particular reason, I'd like to submit a PR for this.

Best regards

[Sephster]

The refresh token contains scopes which need to be encoded for transport. I think this was done so that we could call implode to easily achieve this. Changing the refresh token would be a breaking change and I think in most situations it would be preferable to keep the return as an object.

Thank you for the offer of a PR but I think it would be best to keep the implementation as is for now.