From 3365f3d733ace22e71d700b32b010f1ec3cbd2e7 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Tue, 15 Mar 2016 21:30:13 +0000
Subject: [PATCH] Moved client secret validation to abstract grant. Fixes #460

---
 src/Grant/AbstractGrant.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index 7fe30e5f..1a787761 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -197,7 +197,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 throw OAuthServerException::invalidRequest('client_secret', '`%s` parameter is missing');
 }
- if ($client->canKeepASecret() && $client->validateSecret($clientSecret) === false) {
+ if ($client->canKeepASecret() && password_verify($clientSecret, $client->getSecret()) === false) {
 $this->getEmitter()->emit(new Event('client.authentication.failed', $request));
 throw OAuthServerException::invalidClient();
 }
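Review bot: The new `password_verify($clientSecret, $client->getSecret())` call on the changed `if` line makes the grant assume that `getSecret()` returns a `password_hash()`-format hash, and nothing in the hunk documents that contract. A client entity whose secret is stored in any other form (plaintext, or a different hash that the old `validateSecret()` handled) will now be rejected with `invalid_client`. That fails closed, but it will look like an authentication outage after upgrade. I would add a comment above the check such as `// getSecret() MUST return a password_hash() hash; password_verify() rejects any other format, including plaintext`, and repeat the requirement on the `getSecret()` declaration, which is outside this hunk. The enclosing method starts and ends outside the hunk, so whether `getSecret()` can return null for a confidential client cannot be confirmed from here.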