From 0f8c7929d63ce5ccbc8faaa2b0106a1e097f81d8 Mon Sep 17 00:00:00 2001
From: Joren Vandeweyer
Date: Sat, 26 Aug 2023 13:38:01 +0200
Subject: [PATCH] revoke code before validating redirect uri
---
 lib/grant-types/authorization-code-grant-type.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js
index 556ec72..71de6c2 100644
--- a/lib/grant-types/authorization-code-grant-type.js
+++ b/lib/grant-types/authorization-code-grant-type.js
@@ -53,8 +53,8 @@ class AuthorizationCodeGrantType extends AbstractGrantType {
 }
 const code = await this.getAuthorizationCode(request, client);
- await this.validateRedirectUri(request, code);
 await this.revokeAuthorizationCode(code);
+ await this.validateRedirectUri(request, code);
 return this.saveToken(code.user, client, code.authorizationCode, code.scope);
 }
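Review bot: The order of `revokeAuthorizationCode` and `validateRedirectUri` is now a security property (a code presented with a mismatched redirect URI must still be consumed), but nothing on the new lines records that, so a later tidy-up could swap them back unnoticed. I would add a comment above the revoke call, e.g. `// Revoke before any further validation: an authorization code is single-use, so a request that fails the redirect_uri check must still burn it.` The diffstat shows only this one file changed, so a regression test is also missing; it should assert that `revokeAuthorizationCode` was called when `validateRedirectUri` rejects. The enclosing method starts outside the hunk, and any checks inside `getAuthorizationCode` still run before the revoke, so whether codes rejected there are consumed cannot be confirmed from here.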