diff --git a/src/Entities/ClientEntity.php b/src/Entities/ClientEntity.php deleted file mode 100644 index d72b6b3f..00000000 --- a/src/Entities/ClientEntity.php +++ /dev/null @@ -1,15 +0,0 @@ -authCodeRepository = $authCodeRepository; } + /** + * @param \League\OAuth2\Server\Repositories\UserRepositoryInterface $userRepository + */ + public function setUserRepository(UserRepositoryInterface $userRepository) + { + $this->userRepository = $userRepository; + } + /** * @param string $pathToPrivateKey */ @@ -137,14 +149,6 @@ abstract class AbstractGrant implements GrantTypeInterface $this->pathToPublicKey = $pathToPublicKey; } - /** - * {@inheritdoc} - */ - public function setEmitter(EmitterInterface $emitter = null) - { - $this->emitter = $emitter; - } - /** * {@inheritdoc} */ @@ -153,22 +157,6 @@ abstract class AbstractGrant implements GrantTypeInterface $this->refreshTokenTTL = $refreshTokenTTL; } - /** - * @return AuthCodeRepositoryInterface - */ - protected function getAuthCodeRepository() - { - return $this->authCodeRepository; - } - - /** - * @return RefreshTokenRepositoryInterface - */ - protected function getRefreshTokenRepository() - { - return $this->refreshTokenRepository; - } - /** * Validate the client. * 
@@ -226,22 +214,21 @@ abstract class AbstractGrant implements GrantTypeInterface /** * Validate scopes in the request. * - * @param \Psr\Http\Message\ServerRequestInterface $request + * @param string $scopes * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client * @param string $redirectUri * * @throws \League\OAuth2\Server\Exception\OAuthServerException * - * @return \League\OAuth2\Server\Entities\ScopeEntity[] + * @return \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface[] */ public function validateScopes( - ServerRequestInterface $request, + $scopes, ClientEntityInterface $client, $redirectUri = null ) { - $requestedScopes = $this->getRequestParameter('scope', $request); $scopesList = array_filter( - explode(self::SCOPE_DELIMITER_STRING, trim($requestedScopes)), + explode(self::SCOPE_DELIMITER_STRING, trim($scopes)), function ($scope) { return !empty($scope); } @@ -255,7 +242,7 @@ abstract class AbstractGrant implements GrantTypeInterface $client->getIdentifier() ); - if (($scope instanceof ScopeEntity) === false) { + if (($scope instanceof ScopeEntityInterface) === false) { throw OAuthServerException::invalidScope($scopeItem, $redirectUri); } @@ -326,10 +313,10 @@ abstract class AbstractGrant implements GrantTypeInterface /** * Issue an access token. * - * @param \DateInterval $tokenTTL - * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client - * @param string $userIdentifier - * @param array $scopes + * @param \DateInterval $tokenTTL + * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client + * @param string $userIdentifier + * @param \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface[] $scopes * * @return \League\OAuth2\Server\Entities\AccessTokenEntity */ 
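Review bot: `validateScopes()` now documents `$scopes` as `string` and passes it straight to `trim($scopes)`, but every updated caller hands it the raw result of `getRequestParameter('scope', $request)` or `getQueryStringParameter('scope', $request)`, which is presumably `null` when the client omits the parameter (the helpers are not visible in this diff, so confirm). I would make the contract explicit with `@param string|null $scopes` and normalise once at the top with `trim((string) $scopes)`. Since the method is public and its first parameter changed from a request object to an untyped value, a check that rejects non-string input before `explode()` would also make a stale caller fail clearly. The method body continues outside the hunk at -226,22.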
@@ -346,11 +333,6 @@ abstract class AbstractGrant implements GrantTypeInterface $accessToken->setUserIdentifier($userIdentifier); foreach ($scopes as $scope) { - if (is_string($scope)) { - $s = new ScopeEntity(); - $s->setIdentifier($scope); - $scope = $s; - } $accessToken->addScope($scope); } @@ -362,11 +344,11 @@ abstract class AbstractGrant implements GrantTypeInterface /** * Issue an auth code. * - * @param \DateInterval $tokenTTL - * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client - * @param string $userIdentifier - * @param string $redirectUri - * @param array $scopes + * @param \DateInterval $tokenTTL + * @param \League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface $client + * @param string $userIdentifier + * @param string $redirectUri + * @param \League\OAuth2\Server\Entities\Interfaces\ScopeEntityInterface[] $scopes * * @throws \League\OAuth2\Server\Exception\OAuthServerException * diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php index ca54b824..f1db4921 100644 --- a/src/Grant/AuthCodeGrant.php +++ b/src/Grant/AuthCodeGrant.php @@ -24,11 +24,6 @@ class AuthCodeGrant extends AbstractAuthorizeGrant */ private $authCodeTTL; - /** - * @var \League\OAuth2\Server\Repositories\UserRepositoryInterface - */ - private $userRepository; - /** * @param \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface $authCodeRepository * @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository @@ -49,7 +44,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant ) { $this->setAuthCodeRepository($authCodeRepository); $this->setRefreshTokenRepository($refreshTokenRepository); - $this->userRepository = $userRepository; + $this->setUserRepository($userRepository); $this->authCodeTTL = $authCodeTTL; $this->refreshTokenTTL = new \DateInterval('P1M'); $this->loginTemplate = $loginTemplate; 
@@ -94,7 +89,11 @@ class AuthCodeGrant extends AbstractAuthorizeGrant throw OAuthServerException::invalidClient(); } - $scopes = $this->validateScopes($request, $client, $client->getRedirectUri()); + $scopes = $this->validateScopes( + $this->getQueryStringParameter('scope', $request), + $client, + $client->getRedirectUri() + ); $queryString = http_build_query($request->getQueryParams()); $postbackUri = new Uri( sprintf( @@ -258,7 +257,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant throw OAuthServerException::invalidRequest('code', 'Authorization code has expired'); } - if ($this->getAuthCodeRepository()->isAuthCodeRevoked($authCodePayload->auth_code_id) === true) { + if ($this->authCodeRepository->isAuthCodeRevoked($authCodePayload->auth_code_id) === true) { throw OAuthServerException::invalidRequest('code', 'Authorization code has been revoked'); } @@ -269,17 +268,27 @@ class AuthCodeGrant extends AbstractAuthorizeGrant if ($authCodePayload->redirect_uri !== $redirectUri) { throw OAuthServerException::invalidRequest('redirect_uri', 'Invalid redirect URI'); } + + $scopes = []; + foreach ($authCodePayload->scopes as $scopeId) { + $scope = $this->scopeRepository->getScopeEntityByIdentifier( + $scopeId, + $this->getIdentifier(), + $client->getIdentifier() + ); + + if (!$scope) { + throw OAuthServerException::invalidScope($scopeId); + } + + $scopes[] = $scope; + } } catch (\LogicException $e) { throw OAuthServerException::invalidRequest('code', 'Cannot decrypt the authorization code'); } // Issue and persist access + refresh tokens - $accessToken = $this->issueAccessToken( - $accessTokenTTL, - $client, - $authCodePayload->user_id, - $authCodePayload->scopes - ); + $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $authCodePayload->user_id, $scopes); $refreshToken = $this->issueRefreshToken($accessToken); // Inject tokens into response type 
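Review bot: The new scope re-resolution loop in the AuthCodeGrant hunk at -269,17 accepts any truthy repository result (`if (!$scope)`), whereas `validateScopes()` in AbstractGrant rejects everything that is not a `ScopeEntityInterface`; the refresh closure in RefreshTokenGrant (hunk at -44,13) has the same loose check. I would use the same test in both places, `if (($scope instanceof ScopeEntityInterface) === false) { throw OAuthServerException::invalidScope($scopeId); }`, so that a repository returning an unexpected value cannot put a non-entity into the issued token; this needs a `use` for the interface, or the fully qualified name, in both files. Because the two loops are otherwise identical, a single protected helper on AbstractGrant would keep them from drifting. The enclosing method starts and ends outside the hunk.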
diff --git a/src/Grant/ClientCredentialsGrant.php b/src/Grant/ClientCredentialsGrant.php index 6da17f21..1b15defd 100644 --- a/src/Grant/ClientCredentialsGrant.php +++ b/src/Grant/ClientCredentialsGrant.php @@ -28,7 +28,7 @@ class ClientCredentialsGrant extends AbstractGrant ) { // Validate request $client = $this->validateClient($request); - $scopes = $this->validateScopes($request, $client); + $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client); // Issue and persist access token $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $client->getIdentifier(), $scopes); diff --git a/src/Grant/ImplicitGrant.php b/src/Grant/ImplicitGrant.php index 56124305..4e306d76 100644 --- a/src/Grant/ImplicitGrant.php +++ b/src/Grant/ImplicitGrant.php @@ -16,11 +16,6 @@ use Zend\Diactoros\Uri; class ImplicitGrant extends AbstractAuthorizeGrant { - /** - * @var \League\OAuth2\Server\Repositories\UserRepositoryInterface - */ - private $userRepository; - /** * @param \League\OAuth2\Server\Repositories\UserRepositoryInterface $userRepository * @param string|null $loginTemplate @@ -33,7 +28,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant $authorizeTemplate = null, RendererInterface $templateRenderer = null ) { - $this->userRepository = $userRepository; + $this->setUserRepository($userRepository); $this->refreshTokenTTL = new \DateInterval('P1M'); $this->loginTemplate = $loginTemplate; $this->authorizeTemplate = $authorizeTemplate; @@ -94,7 +89,11 @@ class ImplicitGrant extends AbstractAuthorizeGrant throw OAuthServerException::invalidClient(); } - $scopes = $this->validateScopes($request, $client, $client->getRedirectUri()); + $scopes = $this->validateScopes( + $this->getQueryStringParameter('scope', $request), + $client, + $client->getRedirectUri() + ); $queryString = http_build_query($request->getQueryParams()); $postbackUri = new Uri( sprintf( 
@@ -197,7 +196,7 @@ class ImplicitGrant extends AbstractAuthorizeGrant $scopes ); - $redirectPayload['access_token'] = $accessToken->convertToJWT($this->pathToPrivateKey); + $redirectPayload['access_token'] = (string) $accessToken->convertToJWT($this->pathToPrivateKey); $redirectPayload['token_type'] = 'bearer'; $redirectPayload['expires_in'] = time() - $accessToken->getExpiryDateTime()->getTimestamp(); diff --git a/src/Grant/PasswordGrant.php b/src/Grant/PasswordGrant.php index 1145e6ab..f9298722 100644 --- a/src/Grant/PasswordGrant.php +++ b/src/Grant/PasswordGrant.php @@ -23,11 +23,6 @@ use Psr\Http\Message\ServerRequestInterface; */ class PasswordGrant extends AbstractGrant { - /** - * @var \League\OAuth2\Server\Repositories\UserRepositoryInterface - */ - private $userRepository; - /** * @param \League\OAuth2\Server\Repositories\UserRepositoryInterface $userRepository * @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository @@ -36,7 +31,7 @@ class PasswordGrant extends AbstractGrant UserRepositoryInterface $userRepository, RefreshTokenRepositoryInterface $refreshTokenRepository ) { - $this->userRepository = $userRepository; + $this->setUserRepository($userRepository); $this->setRefreshTokenRepository($refreshTokenRepository); $this->refreshTokenTTL = new \DateInterval('P1M'); @@ -53,7 +48,7 @@ class PasswordGrant extends AbstractGrant // Validate request $client = $this->validateClient($request); $user = $this->validateUser($request); - $scopes = $this->validateScopes($request, $client); + $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client); // Issue and persist new tokens $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes); diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php index 83ffe5ed..04d078e4 100644 --- a/src/Grant/RefreshTokenGrant.php +++ b/src/Grant/RefreshTokenGrant.php 
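Review bot: `expires_in` in the ImplicitGrant redirect payload is computed as `time() - $accessToken->getExpiryDateTime()->getTimestamp()`, which is negative for every token that has not yet expired. It is an unchanged context line in the hunk at -197,7, but it sits directly under the `access_token` line this commit touches and is worth fixing in the same pass: `$redirectPayload['expires_in'] = $accessToken->getExpiryDateTime()->getTimestamp() - time();`. A client that honours the advertised lifetime would otherwise treat a fresh token as already expired, or handle the negative value in some unspecified way. The enclosing method starts and ends outside the hunk.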
@@ -11,7 +11,6 @@ namespace League\OAuth2\Server\Grant; use League\Event\Event; -use League\OAuth2\Server\Entities\ScopeEntity; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface; @@ -44,13 +43,20 @@ class RefreshTokenGrant extends AbstractGrant // Validate request $client = $this->validateClient($request); $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier()); - $scopes = $this->validateScopes($request, $client); + $scopes = $this->validateScopes($this->getRequestParameter('scope', $request), $client); // If no new scopes are requested then give the access token the original session scopes if (count($scopes) === 0) { - $scopes = array_map(function ($scopeId) { - $scope = new ScopeEntity(); - $scope->setIdentifier($scopeId); + $scopes = array_map(function ($scopeId) use ($client) { + $scope = $this->scopeRepository->getScopeEntityByIdentifier( + $scopeId, + $this->getIdentifier(), + $client->getIdentifier() + ); + + if (!$scope) { + throw OAuthServerException::invalidScope($scopeId); + } return $scope; }, $oldRefreshToken['scopes']); 
@@ -68,13 +74,13 @@ class RefreshTokenGrant extends AbstractGrant // Expire old tokens $this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']); - $this->getRefreshTokenRepository()->revokeRefreshToken($oldRefreshToken['refresh_token_id']); + $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']); // Issue and persist new tokens $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $oldRefreshToken['user_id'], $scopes); $refreshToken = $this->issueRefreshToken($accessToken); $this->accessTokenRepository->persistNewAccessToken($accessToken); - $this->getRefreshTokenRepository()->persistNewRefreshToken($refreshToken); + $this->refreshTokenRepository->persistNewRefreshToken($refreshToken); // Inject tokens into response $responseType->setAccessToken($accessToken); @@ -120,7 +126,7 @@ class RefreshTokenGrant extends AbstractGrant throw OAuthServerException::invalidRefreshToken('Token has expired'); } - if ($this->getRefreshTokenRepository()->isRefreshTokenRevoked($refreshTokenData['refresh_token_id']) === true) { + if ($this->refreshTokenRepository->isRefreshTokenRevoked($refreshTokenData['refresh_token_id']) === true) { throw OAuthServerException::invalidRefreshToken('Token has been revoked'); } diff --git a/src/Server.php b/src/Server.php index 9d328d3c..13765727 100644 --- a/src/Server.php +++ b/src/Server.php @@ -128,7 +128,8 @@ class Server implements EmitterAwareInterface } $tokenResponse = null; - foreach ($this->enabledGrantTypes as $grantType) { + while ($tokenResponse === null && $grantType = array_shift($this->enabledGrantTypes)) { + /** @var \League\OAuth2\Server\Grant\GrantTypeInterface $grantType */ if ($grantType->canRespondToRequest($request)) { $tokenResponse = $grantType->respondToRequest( $request, 
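Review bot: In the Server.php hunk at -128,7 the new loop condition `$grantType = array_shift($this->enabledGrantTypes)` removes each grant type from the server's own list as it is examined, so after one call to `respondToRequest()` the instance has lost every grant up to and including the one that answered. A second request on the same `Server` object (long-running worker, or a test that calls it twice) would then fall through to the unsupported-grant path even though the grant was enabled. Iterating without mutation keeps the early exit: restore `foreach ($this->enabledGrantTypes as $grantType)` and add `break;` once `$tokenResponse` has been assigned. The loop body continues outside the hunk.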
@@ -142,11 +143,11 @@ class Server implements EmitterAwareInterface return $tokenResponse; } - if ($tokenResponse instanceof ResponseTypeInterface === false) { - return OAuthServerException::unsupportedGrantType()->generateHttpResponse($response); + if ($tokenResponse instanceof ResponseTypeInterface) { + return $tokenResponse->generateHttpResponse($response); } - return $tokenResponse->generateHttpResponse($response); + throw OAuthServerException::unsupportedGrantType(); } /** diff --git a/tests/Bootstrap.php b/tests/Bootstrap.php index 99c00e16..b02cb7be 100644 --- a/tests/Bootstrap.php +++ b/tests/Bootstrap.php @@ -1,5 +1,11 @@ wget http://getcomposer.org/composer.phar\n> php composer.phar install\n"); + $message = << wget http://getcomposer.org/composer.phar +> php composer.phar install +MSG; + + exit($message); } diff --git a/tests/Grant/AbstractGrantTest.php b/tests/Grant/AbstractGrantTest.php index a2b764d2..4820e3a2 100644 --- a/tests/Grant/AbstractGrantTest.php +++ b/tests/Grant/AbstractGrantTest.php 
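Review bot: `respondToRequest()` in the Server.php hunk at -142,11 now ends with `throw OAuthServerException::unsupportedGrantType();` where it used to return the generated 400 response, so the method has two failure styles: some paths return a PSR-7 response and this one lets an exception escape. Callers that only inspected the returned response will now see an uncaught exception unless they, or the middleware in this package, convert it; that conversion is not visible in this diff. At minimum the method docblock should gain `@throws \League\OAuth2\Server\Exception\OAuthServerException` so integrators know to catch it and call `generateHttpResponse()` themselves. The docblock and the start of the method are outside the hunk.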
@@ -4,17 +4,17 @@ namespace LeagueTests\Grant; use League\Event\Emitter; use League\OAuth2\Server\Entities\AccessTokenEntity; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\Interfaces\AuthCodeEntityInterface; use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface; -use League\OAuth2\Server\Entities\ScopeEntity; use League\OAuth2\Server\Grant\AbstractGrant; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; +use LeagueTests\Stubs\ClientEntity; +use LeagueTests\Stubs\ScopeEntity; use Zend\Diactoros\ServerRequest; class AbstractGrantTest extends \PHPUnit_Framework_TestCase @@ -343,14 +343,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase $grantMock = $this->getMockForAbstractClass(AbstractGrant::class); $grantMock->setScopeRepository($scopeRepositoryMock); - $serverRequest = new ServerRequest(); - $serverRequest = $serverRequest->withParsedBody( - [ - 'scope' => 'basic ', - ] - ); - - $this->assertEquals([$scope], $grantMock->validateScopes($serverRequest, new ClientEntity())); + $this->assertEquals([$scope], $grantMock->validateScopes('basic ', new ClientEntity())); } /** 
@@ -365,14 +358,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase $grantMock = $this->getMockForAbstractClass(AbstractGrant::class); $grantMock->setScopeRepository($scopeRepositoryMock); - $serverRequest = new ServerRequest(); - $serverRequest = $serverRequest->withParsedBody( - [ - 'scope' => 'basic ', - ] - ); - - $grantMock->validateScopes($serverRequest, new ClientEntity()); + $grantMock->validateScopes('basic ', new ClientEntity()); } public function testGenerateUniqueIdentifier() diff --git a/tests/Grant/AuthCodeGrantTest.php b/tests/Grant/AuthCodeGrantTest.php index 2772527d..230c9442 100644 --- a/tests/Grant/AuthCodeGrantTest.php +++ b/tests/Grant/AuthCodeGrantTest.php @@ -2,7 +2,6 @@ namespace LeagueTests\Grant; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface; use League\OAuth2\Server\Exception\OAuthServerException; @@ -11,8 +10,11 @@ use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; +use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; use League\OAuth2\Server\Repositories\UserRepositoryInterface; use League\OAuth2\Server\Utils\KeyCrypt; +use LeagueTests\Stubs\ClientEntity; +use LeagueTests\Stubs\ScopeEntity; use LeagueTests\Stubs\StubResponseType; use LeagueTests\Stubs\UserEntity; use Psr\Http\Message\ResponseInterface; 
@@ -577,6 +579,10 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase $userEntity = new UserEntity(); $userRepositoryMock->method('getUserEntityByUserCredentials')->willReturn($userEntity); + $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(); + $scopeEntity = new ScopeEntity(); + $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity); + $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); $accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf(); @@ -590,6 +596,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase new \DateInterval('PT10M') ); $grant->setClientRepository($clientRepositoryMock); + $grant->setScopeRepository($scopeRepositoryMock); $grant->setAccessTokenRepository($accessTokenRepositoryMock); $grant->setRefreshTokenRepository($refreshTokenRepositoryMock); $grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key'); diff --git a/tests/Grant/ClientCredentialsGrantTest.php b/tests/Grant/ClientCredentialsGrantTest.php index c67e889c..7ca1487d 100644 --- a/tests/Grant/ClientCredentialsGrantTest.php +++ b/tests/Grant/ClientCredentialsGrantTest.php @@ -2,11 +2,11 @@ namespace LeagueTests\Grant; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface; use League\OAuth2\Server\Grant\ClientCredentialsGrant; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; +use LeagueTests\Stubs\ClientEntity; use LeagueTests\Stubs\StubResponseType; use Zend\Diactoros\ServerRequest; diff --git a/tests/Grant/ImplicitGrantTest.php b/tests/Grant/ImplicitGrantTest.php index 85371d82..9d075a69 100644 --- a/tests/Grant/ImplicitGrantTest.php +++ b/tests/Grant/ImplicitGrantTest.php 
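Review bot: The scope repository mock added in the AuthCodeGrantTest hunk at -577,6 always returns a `ScopeEntity`, so the new `invalidScope` branch in `AuthCodeGrant` is never exercised; the same holds for the mock added to RefreshTokenGrantTest in the hunk at -33,6. That branch is the one that refuses to issue a token for a scope that no longer resolves for the client, so it deserves a negative test in each file: configure `getScopeEntityByIdentifier` with `willReturn(null)` and assert that an `OAuthServerException` for an invalid scope is raised. No such test is visible in this diff; if one exists elsewhere, ignore this. The test methods start outside the hunks.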
@@ -2,13 +2,13 @@ namespace LeagueTests\Grant; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Grant\ImplicitGrant; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\UserRepositoryInterface; use League\OAuth2\Server\Utils\KeyCrypt; +use LeagueTests\Stubs\ClientEntity; use LeagueTests\Stubs\StubResponseType; use LeagueTests\Stubs\UserEntity; use Psr\Http\Message\ResponseInterface; diff --git a/tests/Grant/PasswordGrantTest.php b/tests/Grant/PasswordGrantTest.php index e4f9e3a9..d7938b94 100644 --- a/tests/Grant/PasswordGrantTest.php +++ b/tests/Grant/PasswordGrantTest.php @@ -2,7 +2,6 @@ namespace LeagueTests\Grant; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface; use League\OAuth2\Server\Grant\PasswordGrant; @@ -10,6 +9,7 @@ use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; use League\OAuth2\Server\Repositories\UserRepositoryInterface; +use LeagueTests\Stubs\ClientEntity; use LeagueTests\Stubs\StubResponseType; use LeagueTests\Stubs\UserEntity; use Zend\Diactoros\ServerRequest; diff --git a/tests/Grant/RefreshTokenGrantTest.php b/tests/Grant/RefreshTokenGrantTest.php index c9edebe2..d6b63203 100644 --- a/tests/Grant/RefreshTokenGrantTest.php +++ b/tests/Grant/RefreshTokenGrantTest.php 
@@ -2,16 +2,16 @@ namespace LeagueTests\Grant; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Entities\Interfaces\AccessTokenEntityInterface; use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface; -use League\OAuth2\Server\Entities\ScopeEntity; use League\OAuth2\Server\Grant\RefreshTokenGrant; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; use League\OAuth2\Server\Utils\KeyCrypt; +use LeagueTests\Stubs\ClientEntity; +use LeagueTests\Stubs\ScopeEntity; use LeagueTests\Stubs\StubResponseType; use Zend\Diactoros\ServerRequest; @@ -33,6 +33,10 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase $clientRepositoryMock = $this->getMockBuilder(ClientRepositoryInterface::class)->getMock(); $clientRepositoryMock->method('getClientEntity')->willReturn($client); + $scopeRepositoryMock = $this->getMockBuilder(ScopeRepositoryInterface::class)->getMock(); + $scopeEntity = new ScopeEntity(); + $scopeRepositoryMock->method('getScopeEntityByIdentifier')->willReturn($scopeEntity); + $accessTokenRepositoryMock = $this->getMockBuilder(AccessTokenRepositoryInterface::class)->getMock(); $accessTokenRepositoryMock->method('persistNewAccessToken')->willReturnSelf(); @@ -41,6 +45,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase $grant = new RefreshTokenGrant($refreshTokenRepositoryMock); $grant->setClientRepository($clientRepositoryMock); + $grant->setScopeRepository($scopeRepositoryMock); $grant->setAccessTokenRepository($accessTokenRepositoryMock); $grant->setPathToPublicKey('file://' . __DIR__ . '/../Utils/public.key'); $grant->setPathToPrivateKey('file://' . __DIR__ . '/../Utils/private.key'); 
diff --git a/tests/Middleware/AuthenticationServerMiddlewareTest.php b/tests/Middleware/AuthenticationServerMiddlewareTest.php index ca2c430a..8fb8a553 100644 --- a/tests/Middleware/AuthenticationServerMiddlewareTest.php +++ b/tests/Middleware/AuthenticationServerMiddlewareTest.php @@ -2,13 +2,13 @@ namespace LeagueTests\Middleware; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Grant\ClientCredentialsGrant; use League\OAuth2\Server\Middleware\AuthenticationServerMiddleware; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\Repositories\ClientRepositoryInterface; use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; use League\OAuth2\Server\Server; +use LeagueTests\Stubs\ClientEntity; use LeagueTests\Stubs\StubResponseType; use Zend\Diactoros\Response; use Zend\Diactoros\ServerRequestFactory; diff --git a/tests/ResponseTypes/BearerResponseTypeTest.php b/tests/ResponseTypes/BearerResponseTypeTest.php index de4ac7fa..ce7620ea 100644 --- a/tests/ResponseTypes/BearerResponseTypeTest.php +++ b/tests/ResponseTypes/BearerResponseTypeTest.php @@ -3,12 +3,12 @@ namespace LeagueTests\ResponseTypes; use League\OAuth2\Server\Entities\AccessTokenEntity; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Entities\RefreshTokenEntity; -use League\OAuth2\Server\Entities\ScopeEntity; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface; use League\OAuth2\Server\ResponseTypes\BearerTokenResponse; +use LeagueTests\Stubs\ClientEntity; +use LeagueTests\Stubs\ScopeEntity; use Psr\Http\Message\ResponseInterface; use Zend\Diactoros\Response; use Zend\Diactoros\ServerRequest; diff --git a/tests/ServerTest.php b/tests/ServerTest.php index 74d88740..1563e34a 100644 --- a/tests/ServerTest.php +++ b/tests/ServerTest.php 
@@ -2,7 +2,6 @@ namespace LeagueTests; -use League\OAuth2\Server\Entities\ClientEntity; use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Grant\AuthCodeGrant; use League\OAuth2\Server\Grant\ClientCredentialsGrant; @@ -14,6 +13,7 @@ use League\OAuth2\Server\Repositories\ScopeRepositoryInterface; use League\OAuth2\Server\Repositories\UserRepositoryInterface; use League\OAuth2\Server\ResponseTypes\BearerTokenResponse; use League\OAuth2\Server\Server; +use LeagueTests\Stubs\ClientEntity; use LeagueTests\Stubs\StubResponseType; use Psr\Http\Message\ResponseInterface; use Zend\Diactoros\ServerRequest; @@ -33,9 +33,12 @@ class ServerTest extends \PHPUnit_Framework_TestCase $server->enableGrantType(new ClientCredentialsGrant(), new \DateInterval('PT1M')); - $response = $server->respondToRequest(); - $this->assertTrue($response instanceof ResponseInterface); - $this->assertEquals(400, $response->getStatusCode()); + try { + $server->respondToRequest(); + } catch (OAuthServerException $e) { + $this->assertEquals('unsupported_grant_type', $e->getErrorType()); + $this->assertEquals(400, $e->getHttpStatusCode()); + } } public function testRespondToRequest() diff --git a/src/Entities/Traits/ClientEntityTrait.php b/tests/Stubs/ClientEntity.php similarity index 82% rename from src/Entities/Traits/ClientEntityTrait.php rename to tests/Stubs/ClientEntity.php index 88e1188f..74775ab0 100644 --- a/src/Entities/Traits/ClientEntityTrait.php +++ b/tests/Stubs/ClientEntity.php @@ -1,9 +1,14 @@ getIdentifier();
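Review bot: The rewritten assertion block in the ServerTest hunk at -33,9 passes even when `respondToRequest()` throws nothing, because both assertions live inside the `catch` and nothing follows the call in the `try`. Adding `$this->fail('Expected OAuthServerException was not thrown');` on the line after `$server->respondToRequest();` makes the test fail if the server stops rejecting an unsupported grant type. The failure raised by `fail()` is not an `OAuthServerException`, so the existing `catch` will not swallow it.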