revoke code before validating redirect uri

jorenvandeweyer · jorenvandeweyer · commit 0f8c7929d63c · 2023-08-26T13:38:01.000+02:00
diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js
@@ -53,8 +53,8 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
     }
 
     const code = await this.getAuthorizationCode(request, client);
-    await this.validateRedirectUri(request, code);
     await this.revokeAuthorizationCode(code);
+    await this.validateRedirectUri(request, code);
 
     return this.saveToken(code.user, client, code.authorizationCode, code.scope);
   }

Original file line number	Diff line number	Diff line change
`@@ -53,8 +53,8 @@ class AuthorizationCodeGrantType extends AbstractGrantType {`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`const code = await this.getAuthorizationCode(request, client);`
`56`		`- await this.validateRedirectUri(request, code);`
`57`	`56`	`await this.revokeAuthorizationCode(code);`
	`57`	`+ await this.validateRedirectUri(request, code);`
`58`	`58`
`59`	`59`	`return this.saveToken(code.user, client, code.authorizationCode, code.scope);`
`60`	`60`	`}`