From 6e583fdf8a56e1271e86b0bf2cab8c69a24738c4 Mon Sep 17 00:00:00 2001
From: Bobselp
Date: Sun, 10 Apr 2016 22:19:42 +0200
Subject: [PATCH] less verbose exceptions for RefreshTokenGrant

For the LogicException you could also use `throw OAuthServerException::invalidRequest('refresh_token', 'Cannot decrypt the authorization code');`, to get the exact same error AuthCodeGrant-php throws if decryption of `code` fails there. The second error hint provides information which doesn't help users of the API, although it is next to impossible to trigger this error due to the encryption.
---
 src/Grant/RefreshTokenGrant.php | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php
index 168e9908..0e27af45 100644
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -101,17 +101,13 @@ class RefreshTokenGrant extends AbstractGrant
 try {
 $refreshToken = $this->decrypt($encryptedRefreshToken);
 } catch (\LogicException $e) {
- throw OAuthServerException::invalidRefreshToken('Cannot parse refresh token: ' . $e->getMessage());
+ throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token');
 }
 $refreshTokenData = json_decode($refreshToken, true);
 if ($refreshTokenData['client_id'] !== $clientId) {
 $this->getEmitter()->emit(new RequestEvent('refresh_token.client.failed', $request));
- throw OAuthServerException::invalidRefreshToken(
- 'Token is not linked to client,' .
- ' got: ' . $clientId .
- ' expected: ' . $refreshTokenData['client_id']
- );
+ throw OAuthServerException::invalidRefreshToken('Token is not linked to client');
 }
 if ($refreshTokenData['expire_time'] < time()) {
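Review bot: The rewritten catch branch drops `$e` without recording anything server-side, so a refresh token that fails decryption (corrupted, tampered with, or encrypted under a different key) leaves no trace for monitoring, whereas the client-mismatch branch below still emits `refresh_token.client.failed`. Keeping the detail out of the response hint is right, but the branch should still record the failure before the throw, for example `$this->getEmitter()->emit(new RequestEvent('refresh_token.decrypt.failed', $request));` (the event name is a suggestion, not an existing identifier). Separately, the result of `json_decode($refreshToken, true)` is not checked, so a payload that decrypts but is not valid JSON would presumably fall into the "Token is not linked to client" branch and raise the wrong event; a guard such as `if (!is_array($refreshTokenData)) { throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token'); }` would keep the two cases apart. The enclosing method starts and ends outside the hunk.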