Correctly handle tokens with missing clients

As a side-effect of changing the meta key, there may be leftover tokens
which now have an invalid client attached.

Author: rmccue

inc/admin/profile/namespace.php

@@ -26,6 +26,10 @@ function bootstrap() {
  */
 function render_profile_section( WP_User $user ) {
 	$tokens = Access_Token::get_for_user( $user );
+	$tokens = array_filter( $tokens, function ( Access_Token $token ) {
+		return (bool) $token->get_client();
+	});
+
 	?>
 	<h2><?php _e( 'Authorized Applications', 'oauth2' ) ?></h2>
 	<?php if ( ! empty( $tokens ) ) : ?>

inc/authentication/namespace.php

@@ -117,9 +117,10 @@ function attempt_authentication( $user = null ) {
 	// Attempt to find the token.
 	$is_querying_token = true;
 	$token = Tokens\get_by_id( $token_value );
+	$client = $token->get_client();
 	$is_querying_token = false;
 
-	if ( empty( $token ) ) {
+	if ( empty( $token ) || empty( $client ) ) {
 		$oauth2_error = create_invalid_token_error( $token_value );
 		return $user;
 	}