Validate grant types and adapt documentation.

Author: tfrommen

inc/endpoints/class-authorization.php

@@ -4,6 +4,7 @@
 
 use WP_Error;
 use WP\OAuth2;
+use WP\OAuth2\Types\Type;
 
 class Authorization {
 	const LOGIN_ACTION = 'oauth2_authorize';
@@ -26,6 +27,7 @@ public function handle_request() {
 		// Match type to a handler.
 		$grant_types = OAuth2\get_grant_types();
 		if ( $grant_types ) {
+			/** @var Type $type_handler */
 			foreach ( array_reverse( $grant_types ) as $type_handler ) {
 				if ( $type_handler->get_response_type_code() === $type ) {
 					$handler = $type_handler;

plugin.php

@@ -9,6 +9,7 @@
 
 namespace WP\OAuth2;
 
+use WP\OAuth2\Types\Type;
 use WP_REST_Response;
 
 bootstrap();
@@ -63,7 +64,7 @@ function rest_oauth2_load_authorize_page() {
 /**
  * Get valid grant types.
  *
- * @return array Map of grant type to handler object.
+ * @return Type[] Map of grant type to handler object.
  */
 function get_grant_types() {
 	/**
@@ -73,9 +74,14 @@ function get_grant_types() {
 	 * Note that additional grant types must follow the extension policy in the
 	 * OAuth 2 specification.
 	 *
-	 * @param array $grant_types Map of grant type to handler object.
+	 * @param Type[] $grant_types Map of grant type to handler object.
 	 */
-	return apply_filters( 'oauth2.grant_types', array() );
+	$grant_types = apply_filters( 'oauth2.grant_types', array() );
+
+	return array_filter( $grant_types, function ( $type ) {
+
+		return $type instanceof Type;
+	} );
 }
 
 /**