bshaffer · whvandervelde · Jun 4, 2019 · Jun 4, 2019
diff --git a/src/OAuth2/ClientAssertionType/HttpBasic.php b/src/OAuth2/ClientAssertionType/HttpBasic.php
@@ -71,7 +71,7 @@ public function validateRequest(RequestInterface $request, ResponseInterface $re
                 return false;
             }
         } elseif ($this->storage->checkClientCredentials($clientData['client_id'], $clientData['client_secret']) === false) {
-            $response->setError(400, 'invalid_client', 'The client credentials are invalid');
+            $response->setError(401, 'invalid_client', 'The client credentials are invalid');
 
             return false;
         }

diff --git a/test/OAuth2/Controller/TokenControllerTest.php b/test/OAuth2/Controller/TokenControllerTest.php
@@ -96,7 +96,7 @@ public function testInvalidClientId()
         ));
         $server->handleTokenRequest($request, $response = new Response());
 
-        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getStatusCode(), 401);
         $this->assertEquals($response->getParameter('error'), 'invalid_client');
         $this->assertEquals($response->getParameter('error_description'), 'The client credentials are invalid');
     }
@@ -113,7 +113,7 @@ public function testInvalidClientSecret()
         ));
         $server->handleTokenRequest($request, $response = new Response());
 
-        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getStatusCode(), 401);
         $this->assertEquals($response->getParameter('error'), 'invalid_client');
         $this->assertEquals($response->getParameter('error_description'), 'The client credentials are invalid');
     }

diff --git a/test/OAuth2/GrantType/ClientCredentialsTest.php b/test/OAuth2/GrantType/ClientCredentialsTest.php
@@ -21,7 +21,7 @@ public function testInvalidCredentials()
         ));
         $server->handleTokenRequest($request, $response = new Response());
 
-        $this->assertEquals($response->getStatusCode(), 400);
+        $this->assertEquals($response->getStatusCode(), 401);
         $this->assertEquals($response->getParameter('error'), 'invalid_client');
         $this->assertEquals($response->getParameter('error_description'), 'The client credentials are invalid');
     }