Fix tests

See thephpleague/oauth2-server#1298

composer.json

@@ -20,7 +20,7 @@
         "ext-openssl": "*",
         "doctrine/doctrine-bundle": "^2.8.0",
         "doctrine/orm": "^2.14|^3.0",
-        "league/oauth2-server": "^9",
+        "league/oauth2-server": "^9.0.1",
         "nyholm/psr7": "^1.4",
         "psr/http-factory": "^1.0",
         "symfony/event-dispatcher": "^5.4|^6.2|^7.0",

tests/Integration/AbstractIntegrationTest.php

@@ -223,7 +223,7 @@ protected function handleResourceRequest(ServerRequestInterface $serverRequest):
         return $serverRequest;
     }
 
-    protected function handleAuthorizationRequest(ServerRequestInterface $serverRequest, $approved = true): ResponseInterface
+    protected function handleAuthorizationRequest(ServerRequestInterface $serverRequest, $approved = true, $isImplicitGrantFlow = false): ResponseInterface
     {
         $response = $this->psrFactory->createResponse();
 
@@ -236,7 +236,7 @@ protected function handleAuthorizationRequest(ServerRequestInterface $serverRequ
 
             $response = $this->authorizationServer->completeAuthorizationRequest($authRequest, $response);
         } catch (OAuthServerException $e) {
-            $response = $e->generateHttpResponse($response);
+            $response = $e->generateHttpResponse($response, $isImplicitGrantFlow);
         }
 
         return $response;

tests/Integration/AuthorizationServerTest.php

@@ -711,7 +711,7 @@ public function testSuccessfulImplicitRequest(): void
             'client_id' => 'foo',
         ]);
 
-        $response = $this->handleAuthorizationRequest($request);
+        $response = $this->handleAuthorizationRequest($request, true, true);
         $this->assertSame(302, $response->getStatusCode());
         $responseData = [];
         parse_str(parse_url($response->getHeaderLine('Location'), \PHP_URL_FRAGMENT), $responseData);
@@ -733,7 +733,7 @@ public function testSuccessfulImplicitRequestWithState(): void
             'state' => 'quzbaz',
         ]);
 
-        $response = $this->handleAuthorizationRequest($request);
+        $response = $this->handleAuthorizationRequest($request, true, true);
 
         $this->assertSame(302, $response->getStatusCode());
         $responseData = [];
@@ -757,7 +757,7 @@ public function testSuccessfulImplicitRequestRedirectUri(): void
             'redirect_uri' => 'https://example.org/oauth2/redirect-uri',
         ]);
 
-        $response = $this->handleAuthorizationRequest($request);
+        $response = $this->handleAuthorizationRequest($request, true, true);
         $this->assertSame(302, $response->getStatusCode());
         $responseData = [];
         parse_str(parse_url($response->getHeaderLine('Location'), \PHP_URL_FRAGMENT), $responseData);
@@ -779,10 +779,10 @@ public function testImplicitRequestWithInvalidScope(): void
             'scope' => 'non_existing',
         ]);
 
-        $response = $this->handleAuthorizationRequest($request);
+        $response = $this->handleAuthorizationRequest($request, true, true);
         $this->assertSame(302, $response->getStatusCode());
         $responseData = [];
-        parse_str(parse_url($response->getHeaderLine('Location'), \PHP_URL_QUERY), $responseData);
+        parse_str(parse_url($response->getHeaderLine('Location'), \PHP_URL_FRAGMENT), $responseData);
 
         // Response assertions.
         $this->assertSame('invalid_scope', $responseData['error']);
@@ -798,7 +798,7 @@ public function testImplicitRequestWithInvalidRedirectUri(): void
             'redirect_uri' => 'https://example.org/oauth2/other-uri',
         ]);
 
-        $response = $this->handleAuthorizationRequest($request);
+        $response = $this->handleAuthorizationRequest($request, true, true);
         $this->assertSame(401, $response->getStatusCode());
         $responseData = json_decode((string) $response->getBody(), true);
 
@@ -814,10 +814,10 @@ public function testDeniedImplicitRequest(): void
             'client_id' => 'foo',
         ]);
 
-        $response = $this->handleAuthorizationRequest($request, false);
+        $response = $this->handleAuthorizationRequest($request, false, true);
         $this->assertSame(302, $response->getStatusCode());
         $responseData = [];
-        parse_str(parse_url($response->getHeaderLine('Location'), \PHP_URL_QUERY), $responseData);
+        parse_str(parse_url($response->getHeaderLine('Location'), \PHP_URL_FRAGMENT), $responseData);
 
         // Response assertions.
         $this->assertSame('access_denied', $responseData['error']);
@@ -832,7 +832,7 @@ public function testImplicitRequestWithMissingClient(): void
             'client_id' => 'yolo',
         ]);
 
-        $response = $this->handleAuthorizationRequest($request, false);
+        $response = $this->handleAuthorizationRequest($request, false, true);
         $this->assertSame(401, $response->getStatusCode());
         $responseData = json_decode((string) $response->getBody(), true);
 
@@ -848,7 +848,7 @@ public function testImplicitRequestWithInactiveClient(): void
             'client_id' => 'baz_inactive',
         ]);
 
-        $response = $this->handleAuthorizationRequest($request, false);
+        $response = $this->handleAuthorizationRequest($request, false, true);
         $this->assertSame(401, $response->getStatusCode());
         $responseData = json_decode((string) $response->getBody(), true);
 
@@ -864,7 +864,7 @@ public function testImplicitRequestWithRestrictedGrantClient(): void
             'client_id' => 'qux_restricted',
         ]);
 
-        $response = $this->handleAuthorizationRequest($request, false);
+        $response = $this->handleAuthorizationRequest($request, false, true);
         $this->assertSame(401, $response->getStatusCode());
         $responseData = json_decode((string) $response->getBody(), true);