Fixed more static issues

2021-06-15 01:14:27 +02:00 · 2021-06-15 01:14:27 +02:00 · 6b3c56fb6e
commit 6b3c56fb6e
parent 7a64366d56
30 changed files with 846 additions and 871 deletions
--- a/docs/classes/Taproot-IndieAuth-Server.html
+++ b/docs/classes/Taproot-IndieAuth-Server.html
@ -252,21 +252,21 @@ documentation for both handling methods for further documentation about them.</p
            <dt class="phpdocumentor-table-of-contents__entry -property -protected">
    <a href="classes/Taproot-IndieAuth-Server.html#property_handleAuthenticationRequestCallback">$handleAuthenticationRequestCallback</a>
    <span>
-                &nbsp;: mixed            </span>
+                &nbsp;: callable            </span>
 </dt>
 <dd></dd>
            <dt class="phpdocumentor-table-of-contents__entry -property -protected">
    <a href="classes/Taproot-IndieAuth-Server.html#property_handleNonIndieAuthRequest">$handleNonIndieAuthRequest</a>
    <span>
-                &nbsp;: mixed            </span>
+                &nbsp;: callable            </span>
 </dt>
 <dd></dd>
            <dt class="phpdocumentor-table-of-contents__entry -property -protected">
    <a href="classes/Taproot-IndieAuth-Server.html#property_httpGetWithEffectiveUrl">$httpGetWithEffectiveUrl</a>
    <span>
-                &nbsp;: mixed            </span>
+                &nbsp;: callable            </span>
 </dt>
 <dd></dd>
@ -578,7 +578,7 @@ documentation for both handling methods for further documentation about them.</p
    <aside class="phpdocumentor-element-found-in">
    <abbr class="phpdocumentor-element-found-in__file" title="src/Server.php"><a href="files/src-server.html"><abbr title="src/Server.php">Server.php</abbr></a></abbr>
    :
-    <span class="phpdocumentor-element-found-in__line">117</span>
+    <span class="phpdocumentor-element-found-in__line">120</span>
 </aside>
@ -608,17 +608,18 @@ documentation for both handling methods for further documentation about them.</p
    <aside class="phpdocumentor-element-found-in">
    <abbr class="phpdocumentor-element-found-in__file" title="src/Server.php"><a href="files/src-server.html"><abbr title="src/Server.php">Server.php</abbr></a></abbr>
    :
-    <span class="phpdocumentor-element-found-in__line">113</span>
+    <span class="phpdocumentor-element-found-in__line">115</span>
 </aside>
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility">protected</span>
-        <span class="phpdocumentor-signature__type">mixed</span>
+        <span class="phpdocumentor-signature__type">callable</span>
    <span class="phpdocumentor-signature__name">$handleAuthenticationRequestCallback</span>
    </code>
-    
+        <section class="phpdocumentor-description"></section>
 </article>
@ -638,17 +639,18 @@ documentation for both handling methods for further documentation about them.</p
    <aside class="phpdocumentor-element-found-in">
    <abbr class="phpdocumentor-element-found-in__file" title="src/Server.php"><a href="files/src-server.html"><abbr title="src/Server.php">Server.php</abbr></a></abbr>
    :
-    <span class="phpdocumentor-element-found-in__line">115</span>
+    <span class="phpdocumentor-element-found-in__line">118</span>
 </aside>
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility">protected</span>
-        <span class="phpdocumentor-signature__type">mixed</span>
+        <span class="phpdocumentor-signature__type">callable</span>
    <span class="phpdocumentor-signature__name">$handleNonIndieAuthRequest</span>
    </code>
-    
+        <section class="phpdocumentor-description"></section>
 </article>
@ -668,17 +670,18 @@ documentation for both handling methods for further documentation about them.</p
    <aside class="phpdocumentor-element-found-in">
    <abbr class="phpdocumentor-element-found-in__file" title="src/Server.php"><a href="files/src-server.html"><abbr title="src/Server.php">Server.php</abbr></a></abbr>
    :
-    <span class="phpdocumentor-element-found-in__line">111</span>
+    <span class="phpdocumentor-element-found-in__line">112</span>
 </aside>
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility">protected</span>
-        <span class="phpdocumentor-signature__type">mixed</span>
+        <span class="phpdocumentor-signature__type">callable</span>
    <span class="phpdocumentor-signature__name">$httpGetWithEffectiveUrl</span>
    </code>
-    
+        <section class="phpdocumentor-description"></section>
 </article>
@ -728,7 +731,7 @@ documentation for both handling methods for further documentation about them.</p
    <aside class="phpdocumentor-element-found-in">
    <abbr class="phpdocumentor-element-found-in__file" title="src/Server.php"><a href="files/src-server.html"><abbr title="src/Server.php">Server.php</abbr></a></abbr>
    :
-    <span class="phpdocumentor-element-found-in__line">119</span>
+    <span class="phpdocumentor-element-found-in__line">122</span>
 </aside>
@ -792,7 +795,7 @@ documentation for both handling methods for further documentation about them.</p
    <aside class="phpdocumentor-element-found-in">
    <abbr class="phpdocumentor-element-found-in__file" title="src/Server.php"><a href="files/src-server.html"><abbr title="src/Server.php">Server.php</abbr></a></abbr>
    :
-    <span class="phpdocumentor-element-found-in__line">188</span>
+    <span class="phpdocumentor-element-found-in__line">191</span>
 </aside>
        <p class="phpdocumentor-summary">Constructor</p>
@ -909,7 +912,7 @@ as the logger for any objects passed in config which implement <code class="pret
    <aside class="phpdocumentor-element-found-in">
    <abbr class="phpdocumentor-element-found-in__file" title="src/Server.php"><a href="files/src-server.html"><abbr title="src/Server.php">Server.php</abbr></a></abbr>
    :
-    <span class="phpdocumentor-element-found-in__line">283</span>
+    <span class="phpdocumentor-element-found-in__line">286</span>
 </aside>
@ -941,7 +944,7 @@ as the logger for any objects passed in config which implement <code class="pret
    <aside class="phpdocumentor-element-found-in">
    <abbr class="phpdocumentor-element-found-in__file" title="src/Server.php"><a href="files/src-server.html"><abbr title="src/Server.php">Server.php</abbr></a></abbr>
    :
-    <span class="phpdocumentor-element-found-in__line">322</span>
+    <span class="phpdocumentor-element-found-in__line">325</span>
 </aside>
        <p class="phpdocumentor-summary">Handle Authorization Endpoint Request</p>
@ -1016,7 +1019,7 @@ error behaviour, one way to do so is to subclass <code class="prettyprint">Serve
    <aside class="phpdocumentor-element-found-in">
    <abbr class="phpdocumentor-element-found-in__file" title="src/Server.php"><a href="files/src-server.html"><abbr title="src/Server.php">Server.php</abbr></a></abbr>
    :
-    <span class="phpdocumentor-element-found-in__line">680</span>
+    <span class="phpdocumentor-element-found-in__line">685</span>
 </aside>
        <p class="phpdocumentor-summary">Handle Token Endpoint Request</p>
@ -1072,7 +1075,7 @@ error behaviour, one way to do so is to subclass <code class="prettyprint">Serve
    <aside class="phpdocumentor-element-found-in">
    <abbr class="phpdocumentor-element-found-in__file" title="src/Server.php"><a href="files/src-server.html"><abbr title="src/Server.php">Server.php</abbr></a></abbr>
    :
-    <span class="phpdocumentor-element-found-in__line">775</span>
+    <span class="phpdocumentor-element-found-in__line">780</span>
 </aside>
        <p class="phpdocumentor-summary">Handle Exception</p>
--- a/docs/coverage/Callback/AuthorizationFormInterface.php.html
+++ b/docs/coverage/Callback/AuthorizationFormInterface.php.html
@ -163,7 +163,7 @@
    <h4>Legend</h4>
    <p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
    <a title="Back to the top" id="toplink" href="#">
        <svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>
--- a/docs/coverage/Callback/DefaultAuthorizationForm.php.html
+++ b/docs/coverage/Callback/DefaultAuthorizationForm.php.html
@ -305,7 +305,7 @@
    <h4>Legend</h4>
    <p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
    <a title="Back to the top" id="toplink" href="#">
        <svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>
--- a/docs/coverage/Callback/SingleUserPasswordAuthenticationCallback.php.html
+++ b/docs/coverage/Callback/SingleUserPasswordAuthenticationCallback.php.html
@ -247,7 +247,7 @@
    <h4>Legend</h4>
    <p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
    <a title="Back to the top" id="toplink" href="#">
        <svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>
--- a/docs/coverage/Callback/dashboard.html
+++ b/docs/coverage/Callback/dashboard.html
@ -136,7 +136,7 @@
   <footer>
    <hr/>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
   </footer>
  </div>
--- a/docs/coverage/Callback/index.html
+++ b/docs/coverage/Callback/index.html
@ -152,7 +152,7 @@
     <span class="success"><strong>High</strong>: 90% to 100%</span>
    </p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
   </footer>
  </div>
--- a/docs/coverage/IndieAuthException.php.html
+++ b/docs/coverage/IndieAuthException.php.html
@ -324,7 +324,7 @@
    <h4>Legend</h4>
    <p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
    <a title="Back to the top" id="toplink" href="#">
        <svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>
--- a/docs/coverage/Middleware/ClosureRequestHandler.php.html
+++ b/docs/coverage/Middleware/ClosureRequestHandler.php.html
@ -180,7 +180,7 @@
    <h4>Legend</h4>
    <p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
    <a title="Back to the top" id="toplink" href="#">
        <svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>
--- a/docs/coverage/Middleware/DoubleSubmitCookieCsrfMiddleware.php.html
+++ b/docs/coverage/Middleware/DoubleSubmitCookieCsrfMiddleware.php.html
@ -324,7 +324,7 @@
    <h4>Legend</h4>
    <p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
    <a title="Back to the top" id="toplink" href="#">
        <svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>
--- a/docs/coverage/Middleware/NoOpMiddleware.php.html
+++ b/docs/coverage/Middleware/NoOpMiddleware.php.html
@ -157,7 +157,7 @@
    <h4>Legend</h4>
    <p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
    <a title="Back to the top" id="toplink" href="#">
        <svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>
--- a/docs/coverage/Middleware/ResponseRequestHandler.php.html
+++ b/docs/coverage/Middleware/ResponseRequestHandler.php.html
@ -177,7 +177,7 @@
    <h4>Legend</h4>
    <p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
    <a title="Back to the top" id="toplink" href="#">
        <svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>
--- a/docs/coverage/Middleware/dashboard.html
+++ b/docs/coverage/Middleware/dashboard.html
@ -138,7 +138,7 @@
   <footer>
    <hr/>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
   </footer>
  </div>
--- a/docs/coverage/Middleware/index.html
+++ b/docs/coverage/Middleware/index.html
@ -195,7 +195,7 @@
     <span class="success"><strong>High</strong>: 90% to 100%</span>
    </p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
   </footer>
  </div>
--- a/docs/coverage/Server.php.html
+++ b/docs/coverage/Server.php.html
--- a/docs/coverage/Storage/FilesystemJsonStorage.php.html
+++ b/docs/coverage/Storage/FilesystemJsonStorage.php.html
--- a/docs/coverage/Storage/Sqlite3Storage.php.html
+++ b/docs/coverage/Storage/Sqlite3Storage.php.html
@ -56,20 +56,6 @@
       <td class=" small"><div align="right">0&nbsp;/&nbsp;0</div></td>
      </tr>
      <tr>
       <td class=""><abbr title="Taproot\IndieAuth\Storage\Sqlite3Storage">Sqlite3Storage</abbr></td>
       <td class=" big"></td>
       <td class=" small"><div align="right">n/a</div></td>
       <td class=" small"><div align="right">0&nbsp;/&nbsp;0</div></td>
       <td class=" big"></td>
       <td class=" small"><div align="right">n/a</div></td>
       <td class=" small"><div align="right">0&nbsp;/&nbsp;0</div></td>
       <td class=" small">0</td>
       <td class=" big"></td>
       <td class=" small"><div align="right">n/a</div></td>
       <td class=" small"><div align="right">0&nbsp;/&nbsp;0</div></td>
      </tr>
     </tbody>
    </table>
@ -80,9 +66,9 @@
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="2" href="#2">2</a></td><td class="col-11 codeLine"></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="3" href="#3">3</a></td><td class="col-11 codeLine"><span class="keyword">namespace</span><span class="default">&nbsp;</span><span class="default">Taproot</span><span class="default">\</span><span class="default">IndieAuth</span><span class="default">\</span><span class="default">Storage</span><span class="keyword">;</span></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="4" href="#4">4</a></td><td class="col-11 codeLine"></td></tr>
-    <tr class=" d-flex"><td  class="col-1 text-right"><a id="5" href="#5">5</a></td><td class="col-11 codeLine"><span class="keyword">class</span><span class="default">&nbsp;</span><span class="default">Sqlite3Storage</span><span class="default">&nbsp;</span><span class="keyword">implements</span><span class="default">&nbsp;</span><span class="default">TokenStorageInterface</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
+    <tr class=" d-flex"><td  class="col-1 text-right"><a id="5" href="#5">5</a></td><td class="col-11 codeLine"><span class="comment">/*class&nbsp;Sqlite3Storage&nbsp;implements&nbsp;TokenStorageInterface&nbsp;{</span></td></tr>
-    <tr class=" d-flex"><td  class="col-1 text-right"><a id="6" href="#6">6</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span></td></tr>
+    <tr class=" d-flex"><td  class="col-1 text-right"><a id="6" href="#6">6</a></td><td class="col-11 codeLine"><span class="comment">&nbsp;&nbsp;&nbsp;&nbsp;</span></td></tr>
-    <tr class=" d-flex"><td  class="col-1 text-right"><a id="7" href="#7">7</a></td><td class="col-11 codeLine"><span class="keyword">}</span></td></tr>
+    <tr class=" d-flex"><td  class="col-1 text-right"><a id="7" href="#7">7</a></td><td class="col-11 codeLine"><span class="comment">}*/</span></td></tr>
 </tbody>
 </table>
@ -93,7 +79,7 @@
    <h4>Legend</h4>
    <p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
    <a title="Back to the top" id="toplink" href="#">
        <svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>
--- a/docs/coverage/Storage/TokenStorageInterface.php.html
+++ b/docs/coverage/Storage/TokenStorageInterface.php.html
@ -235,7 +235,7 @@
    <h4>Legend</h4>
    <p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
    <a title="Back to the top" id="toplink" href="#">
        <svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>
--- a/docs/coverage/Storage/dashboard.html
+++ b/docs/coverage/Storage/dashboard.html
@ -130,7 +130,7 @@
        </tr>
       </thead>
       <tbody>
-       <tr><td><a href="FilesystemJsonStorage.php.html#40"><abbr title="Taproot\IndieAuth\Storage\FilesystemJsonStorage::__construct">__construct</abbr></a></td><td class="text-right">4</td></tr>
+       <tr><td><a href="FilesystemJsonStorage.php.html#40"><abbr title="Taproot\IndieAuth\Storage\FilesystemJsonStorage::__construct">__construct</abbr></a></td><td class="text-right">3</td></tr>
       <tr><td><a href="FilesystemJsonStorage.php.html#68"><abbr title="Taproot\IndieAuth\Storage\FilesystemJsonStorage::createAuthCode">createAuthCode</abbr></a></td><td class="text-right">3</td></tr>
       <tr><td><a href="FilesystemJsonStorage.php.html#228"><abbr title="Taproot\IndieAuth\Storage\FilesystemJsonStorage::delete">delete</abbr></a></td><td class="text-right">3</td></tr>
@ -142,7 +142,7 @@
   <footer>
    <hr/>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
   </footer>
  </div>
@ -161,7 +161,7 @@ $(document).ready(function() {
      .yAxis.tickFormat(d3.format('d'));
    d3.select('#classCoverageDistribution svg')
-      .datum(getCoverageDistributionData([0,0,0,0,0,0,0,0,0,0,1,1], "Class Coverage"))
+      .datum(getCoverageDistributionData([0,0,0,0,0,0,0,0,0,0,1,0], "Class Coverage"))
      .transition().duration(500).call(chart);
    nv.utils.windowResize(chart.update);
@ -229,7 +229,7 @@ $(document).ready(function() {
    chart.yAxis.axisLabel('Cyclomatic Complexity');
    d3.select('#classComplexity svg')
-      .datum(getComplexityData([[92.3076923076923,47,"<a href=\"FilesystemJsonStorage.php.html#26\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage<\/a>"],[100,0,"<a href=\"Sqlite3Storage.php.html#5\">Taproot\\IndieAuth\\Storage\\Sqlite3Storage<\/a>"]], 'Class Complexity'))
+      .datum(getComplexityData([[92.3076923076923,46,"<a href=\"FilesystemJsonStorage.php.html#26\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage<\/a>"]], 'Class Complexity'))
      .transition()
      .duration(500)
      .call(chart);
@ -253,7 +253,7 @@ $(document).ready(function() {
    chart.yAxis.axisLabel('Method Complexity');
    d3.select('#methodComplexity svg')
-      .datum(getComplexityData([[81.81818181818183,4,"<a href=\"FilesystemJsonStorage.php.html#40\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::__construct<\/a>"],[100,1,"<a href=\"FilesystemJsonStorage.php.html#62\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::setLogger<\/a>"],[85.71428571428571,3,"<a href=\"FilesystemJsonStorage.php.html#68\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::createAuthCode<\/a>"],[92.85714285714286,11,"<a href=\"FilesystemJsonStorage.php.html#82\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::exchangeAuthCodeForAccessToken<\/a>"],[100,5,"<a href=\"FilesystemJsonStorage.php.html#147\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::getAccessToken<\/a>"],[100,1,"<a href=\"FilesystemJsonStorage.php.html#163\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::revokeAccessToken<\/a>"],[100,9,"<a href=\"FilesystemJsonStorage.php.html#169\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::deleteExpiredTokens<\/a>"],[91.66666666666666,4,"<a href=\"FilesystemJsonStorage.php.html#197\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::get<\/a>"],[100,1,"<a href=\"FilesystemJsonStorage.php.html#219\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::put<\/a>"],[87.5,3,"<a href=\"FilesystemJsonStorage.php.html#228\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::delete<\/a>"],[100,1,"<a href=\"FilesystemJsonStorage.php.html#242\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::getPath<\/a>"],[90.9090909090909,3,"<a href=\"FilesystemJsonStorage.php.html#247\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::withLock<\/a>"],[100,1,"<a href=\"FilesystemJsonStorage.php.html#271\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::hash<\/a>"]], 'Method Complexity'))
+      .datum(getComplexityData([[81.81818181818183,3,"<a href=\"FilesystemJsonStorage.php.html#40\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::__construct<\/a>"],[100,1,"<a href=\"FilesystemJsonStorage.php.html#62\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::setLogger<\/a>"],[85.71428571428571,3,"<a href=\"FilesystemJsonStorage.php.html#68\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::createAuthCode<\/a>"],[92.85714285714286,11,"<a href=\"FilesystemJsonStorage.php.html#82\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::exchangeAuthCodeForAccessToken<\/a>"],[100,5,"<a href=\"FilesystemJsonStorage.php.html#147\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::getAccessToken<\/a>"],[100,1,"<a href=\"FilesystemJsonStorage.php.html#163\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::revokeAccessToken<\/a>"],[100,9,"<a href=\"FilesystemJsonStorage.php.html#169\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::deleteExpiredTokens<\/a>"],[91.66666666666666,4,"<a href=\"FilesystemJsonStorage.php.html#197\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::get<\/a>"],[100,1,"<a href=\"FilesystemJsonStorage.php.html#219\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::put<\/a>"],[87.5,3,"<a href=\"FilesystemJsonStorage.php.html#228\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::delete<\/a>"],[100,1,"<a href=\"FilesystemJsonStorage.php.html#242\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::getPath<\/a>"],[90.9090909090909,3,"<a href=\"FilesystemJsonStorage.php.html#247\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::withLock<\/a>"],[100,1,"<a href=\"FilesystemJsonStorage.php.html#271\">Taproot\\IndieAuth\\Storage\\FilesystemJsonStorage::hash<\/a>"]], 'Method Complexity'))
      .transition()
      .duration(500)
      .call(chart);
--- a/docs/coverage/Storage/index.html
+++ b/docs/coverage/Storage/index.html
@ -137,7 +137,7 @@
     <span class="success"><strong>High</strong>: 90% to 100%</span>
    </p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
   </footer>
  </div>
--- a/docs/coverage/dashboard.html
+++ b/docs/coverage/dashboard.html
--- a/docs/coverage/functions.php.html
+++ b/docs/coverage/functions.php.html
@ -129,7 +129,7 @@
      </tr>
      <tr>
-       <td class="success" colspan="4"><a href="#41"><abbr title="base64_urlencode($string)">Taproot\IndieAuth\base64_urlencode</abbr></a></td>
+       <td class="success" colspan="4"><a href="#41"><abbr title="base64_urlencode(string $string): string">Taproot\IndieAuth\base64_urlencode</abbr></a></td>
       <td class="success big">       <div class="progress">
         <div class="progress-bar bg-success" role="progressbar" aria-valuenow="100.00" aria-valuemin="0" aria-valuemax="100" style="width: 100.00%">
           <span class="sr-only">100.00% covered (success)</span>
@ -171,7 +171,7 @@
      </tr>
      <tr>
-       <td class="success" colspan="4"><a href="#60"><abbr title="isIndieAuthAuthorizationCodeRedeemingRequest(Psr\Http\Message\ServerRequestInterface $request)">Taproot\IndieAuth\isIndieAuthAuthorizationCodeRedeemingRequest</abbr></a></td>
+       <td class="success" colspan="4"><a href="#60"><abbr title="isIndieAuthAuthorizationCodeRedeemingRequest(Psr\Http\Message\ServerRequestInterface $request): bool">Taproot\IndieAuth\isIndieAuthAuthorizationCodeRedeemingRequest</abbr></a></td>
       <td class="success big">       <div class="progress">
         <div class="progress-bar bg-success" role="progressbar" aria-valuenow="100.00" aria-valuemin="0" aria-valuemax="100" style="width: 100.00%">
           <span class="sr-only">100.00% covered (success)</span>
@ -192,7 +192,7 @@
      </tr>
      <tr>
-       <td class="success" colspan="4"><a href="#66"><abbr title="isIndieAuthAuthorizationRequest(Psr\Http\Message\ServerRequestInterface $request, $permittedMethods)">Taproot\IndieAuth\isIndieAuthAuthorizationRequest</abbr></a></td>
+       <td class="success" colspan="4"><a href="#66"><abbr title="isIndieAuthAuthorizationRequest(Psr\Http\Message\ServerRequestInterface $request, array $permittedMethods): bool">Taproot\IndieAuth\isIndieAuthAuthorizationRequest</abbr></a></td>
       <td class="success big">       <div class="progress">
         <div class="progress-bar bg-success" role="progressbar" aria-valuenow="100.00" aria-valuemin="0" aria-valuemax="100" style="width: 100.00%">
           <span class="sr-only">100.00% covered (success)</span>
@ -213,7 +213,7 @@
      </tr>
      <tr>
-       <td class="success" colspan="4"><a href="#72"><abbr title="isAuthorizationApprovalRequest(Psr\Http\Message\ServerRequestInterface $request)">Taproot\IndieAuth\isAuthorizationApprovalRequest</abbr></a></td>
+       <td class="success" colspan="4"><a href="#72"><abbr title="isAuthorizationApprovalRequest(Psr\Http\Message\ServerRequestInterface $request): bool">Taproot\IndieAuth\isAuthorizationApprovalRequest</abbr></a></td>
       <td class="success big">       <div class="progress">
         <div class="progress-bar bg-success" role="progressbar" aria-valuenow="100.00" aria-valuemin="0" aria-valuemax="100" style="width: 100.00%">
           <span class="sr-only">100.00% covered (success)</span>
@ -234,7 +234,7 @@
      </tr>
      <tr>
-       <td class="success" colspan="4"><a href="#78"><abbr title="buildQueryString(array $parameters)">Taproot\IndieAuth\buildQueryString</abbr></a></td>
+       <td class="success" colspan="4"><a href="#78"><abbr title="buildQueryString(array $parameters): string">Taproot\IndieAuth\buildQueryString</abbr></a></td>
       <td class="success big">       <div class="progress">
         <div class="progress-bar bg-success" role="progressbar" aria-valuenow="100.00" aria-valuemin="0" aria-valuemax="100" style="width: 100.00%">
           <span class="sr-only">100.00% covered (success)</span>
@ -255,7 +255,7 @@
      </tr>
      <tr>
-       <td class="danger" colspan="4"><a href="#86"><abbr title="urlComponentsMatch($url1, $url2, ?array $components): bool">Taproot\IndieAuth\urlComponentsMatch</abbr></a></td>
+       <td class="danger" colspan="4"><a href="#86"><abbr title="urlComponentsMatch(string $url1, string $url2, ?array $components): bool">Taproot\IndieAuth\urlComponentsMatch</abbr></a></td>
       <td class="danger big">       <div class="progress">
         <div class="progress-bar bg-danger" role="progressbar" aria-valuenow="0.00" aria-valuemin="0" aria-valuemax="100" style="width: 0.00%">
           <span class="sr-only">0.00% covered (danger)</span>
@ -489,44 +489,44 @@
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="6 tests cover line 38" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testIsValidCodeChallenge&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testExchangeFlowsReturnErrorOnInvalidParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthEndpointTokenExchangeFailsForTokensWithInvalidScope&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthEndpointTokenExchangeReturnsCorrectResponseForValidRequest&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsErrorIfAccessCodeGrantsNoScopes&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsAccessTokenOnValidRequest&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="38" href="#38">38</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">return</span><span class="default">&nbsp;</span><span class="default">base64_urlencode</span><span class="keyword">(</span><span class="default">hash</span><span class="keyword">(</span><span class="default">'sha256'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$plaintext</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">true</span><span class="keyword">)</span><span class="keyword">)</span><span class="keyword">;</span></td></tr>
    <tr class="warning d-flex"><td  class="col-1 text-right"><a id="39" href="#39">39</a></td><td class="col-11 codeLine"><span class="keyword">}</span></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="40" href="#40">40</a></td><td class="col-11 codeLine"></td></tr>
-    <tr class=" d-flex"><td  class="col-1 text-right"><a id="41" href="#41">41</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">base64_urlencode</span><span class="keyword">(</span><span class="default">$string</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
+    <tr class=" d-flex"><td  class="col-1 text-right"><a id="41" href="#41">41</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">base64_urlencode</span><span class="keyword">(</span><span class="default">string</span><span class="default">&nbsp;</span><span class="default">$string</span><span class="keyword">)</span><span class="keyword">:</span><span class="default">&nbsp;</span><span class="default">string</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="6 tests cover line 42" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testIsValidCodeChallenge&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testExchangeFlowsReturnErrorOnInvalidParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthEndpointTokenExchangeFailsForTokensWithInvalidScope&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthEndpointTokenExchangeReturnsCorrectResponseForValidRequest&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsErrorIfAccessCodeGrantsNoScopes&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsAccessTokenOnValidRequest&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="42" href="#42">42</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">return</span><span class="default">&nbsp;</span><span class="default">rtrim</span><span class="keyword">(</span><span class="default">strtr</span><span class="keyword">(</span><span class="default">base64_encode</span><span class="keyword">(</span><span class="default">$string</span><span class="keyword">)</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">'+/'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">'-_'</span><span class="keyword">)</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">'='</span><span class="keyword">)</span><span class="keyword">;</span></td></tr>
    <tr class="warning d-flex"><td  class="col-1 text-right"><a id="43" href="#43">43</a></td><td class="col-11 codeLine"><span class="keyword">}</span></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="44" href="#44">44</a></td><td class="col-11 codeLine"></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="45" href="#45">45</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">hashAuthorizationRequestParameters</span><span class="keyword">(</span><span class="default">ServerRequestInterface</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">string</span><span class="default">&nbsp;</span><span class="default">$secret</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="keyword">?</span><span class="default">string</span><span class="default">&nbsp;</span><span class="default">$algo</span><span class="keyword">=</span><span class="default">null</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="keyword">?</span><span class="keyword">array</span><span class="default">&nbsp;</span><span class="default">$hashedParameters</span><span class="keyword">=</span><span class="default">null</span><span class="keyword">)</span><span class="keyword">:</span><span class="default">&nbsp;</span><span class="keyword">?</span><span class="default">string</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
-    <tr class="covered-by-large-tests popin d-flex"><td  data-title="14 tests cover line 46" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="46" href="#46">46</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$hashedParameters</span><span class="default">&nbsp;</span><span class="keyword">=</span><span class="default">&nbsp;</span><span class="default">$hashedParameters</span><span class="default">&nbsp;</span><span class="default">??</span><span class="default">&nbsp;</span><span class="keyword">[</span><span class="default">'client_id'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">'redirect_uri'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">'code_challenge'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">'code_challenge_method'</span><span class="keyword">]</span><span class="keyword">;</span></td></tr>
+    <tr class="covered-by-large-tests popin d-flex"><td  data-title="17 tests cover line 46" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="46" href="#46">46</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$hashedParameters</span><span class="default">&nbsp;</span><span class="keyword">=</span><span class="default">&nbsp;</span><span class="default">$hashedParameters</span><span class="default">&nbsp;</span><span class="default">??</span><span class="default">&nbsp;</span><span class="keyword">[</span><span class="default">'client_id'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">'redirect_uri'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">'code_challenge'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">'code_challenge_method'</span><span class="keyword">]</span><span class="keyword">;</span></td></tr>
-    <tr class="covered-by-large-tests popin d-flex"><td  data-title="14 tests cover line 47" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="47" href="#47">47</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$algo</span><span class="default">&nbsp;</span><span class="keyword">=</span><span class="default">&nbsp;</span><span class="default">$algo</span><span class="default">&nbsp;</span><span class="default">??</span><span class="default">&nbsp;</span><span class="default">'sha256'</span><span class="keyword">;</span></td></tr>
+    <tr class="covered-by-large-tests popin d-flex"><td  data-title="17 tests cover line 47" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="47" href="#47">47</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$algo</span><span class="default">&nbsp;</span><span class="keyword">=</span><span class="default">&nbsp;</span><span class="default">$algo</span><span class="default">&nbsp;</span><span class="default">??</span><span class="default">&nbsp;</span><span class="default">'sha256'</span><span class="keyword">;</span></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="48" href="#48">48</a></td><td class="col-11 codeLine"></td></tr>
-    <tr class="covered-by-large-tests popin d-flex"><td  data-title="14 tests cover line 49" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="49" href="#49">49</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$queryParams</span><span class="default">&nbsp;</span><span class="keyword">=</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="default">-&gt;</span><span class="default">getQueryParams</span><span class="keyword">(</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="default">??</span><span class="default">&nbsp;</span><span class="keyword">[</span><span class="keyword">]</span><span class="keyword">;</span></td></tr>
+    <tr class="covered-by-large-tests popin d-flex"><td  data-title="17 tests cover line 49" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="49" href="#49">49</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$queryParams</span><span class="default">&nbsp;</span><span class="keyword">=</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="default">-&gt;</span><span class="default">getQueryParams</span><span class="keyword">(</span><span class="keyword">)</span><span class="keyword">;</span></td></tr>
-    <tr class="covered-by-large-tests popin d-flex"><td  data-title="14 tests cover line 50" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="50" href="#50">50</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$data</span><span class="default">&nbsp;</span><span class="keyword">=</span><span class="default">&nbsp;</span><span class="default">''</span><span class="keyword">;</span></td></tr>
+    <tr class="covered-by-large-tests popin d-flex"><td  data-title="17 tests cover line 50" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="50" href="#50">50</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$data</span><span class="default">&nbsp;</span><span class="keyword">=</span><span class="default">&nbsp;</span><span class="default">''</span><span class="keyword">;</span></td></tr>
-    <tr class="covered-by-large-tests popin d-flex"><td  data-title="14 tests cover line 51" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="51" href="#51">51</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">foreach</span><span class="default">&nbsp;</span><span class="keyword">(</span><span class="default">$hashedParameters</span><span class="default">&nbsp;</span><span class="keyword">as</span><span class="default">&nbsp;</span><span class="default">$key</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
+    <tr class="covered-by-large-tests popin d-flex"><td  data-title="17 tests cover line 51" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="51" href="#51">51</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">foreach</span><span class="default">&nbsp;</span><span class="keyword">(</span><span class="default">$hashedParameters</span><span class="default">&nbsp;</span><span class="keyword">as</span><span class="default">&nbsp;</span><span class="default">$key</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
-    <tr class="covered-by-large-tests popin d-flex"><td  data-title="14 tests cover line 52" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="52" href="#52">52</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">if</span><span class="default">&nbsp;</span><span class="keyword">(</span><span class="keyword">!</span><span class="default">array_key_exists</span><span class="keyword">(</span><span class="default">$key</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$queryParams</span><span class="keyword">)</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
+    <tr class="covered-by-large-tests popin d-flex"><td  data-title="17 tests cover line 52" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="52" href="#52">52</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">if</span><span class="default">&nbsp;</span><span class="keyword">(</span><span class="keyword">!</span><span class="keyword">isset</span><span class="keyword">(</span><span class="default">$queryParams</span><span class="keyword">[</span><span class="default">$key</span><span class="keyword">]</span><span class="keyword">)</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="1 test covers line 53" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersReturnsNullWhenParameterIsMissing&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="53" href="#53">53</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">return</span><span class="default">&nbsp;</span><span class="default">null</span><span class="keyword">;</span></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="54" href="#54">54</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">}</span></td></tr>
-    <tr class="covered-by-large-tests popin d-flex"><td  data-title="13 tests cover line 55" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="55" href="#55">55</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$data</span><span class="default">&nbsp;</span><span class="default">.=</span><span class="default">&nbsp;</span><span class="default">$queryParams</span><span class="keyword">[</span><span class="default">$key</span><span class="keyword">]</span><span class="keyword">;</span></td></tr>
+    <tr class="covered-by-large-tests popin d-flex"><td  data-title="16 tests cover line 55" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="55" href="#55">55</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$data</span><span class="default">&nbsp;</span><span class="default">.=</span><span class="default">&nbsp;</span><span class="default">$queryParams</span><span class="keyword">[</span><span class="default">$key</span><span class="keyword">]</span><span class="keyword">;</span></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="56" href="#56">56</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">}</span></td></tr>
-    <tr class="covered-by-large-tests popin d-flex"><td  data-title="13 tests cover line 57" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="57" href="#57">57</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">return</span><span class="default">&nbsp;</span><span class="default">hash_hmac</span><span class="keyword">(</span><span class="default">$algo</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$data</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$secret</span><span class="keyword">)</span><span class="keyword">;</span></td></tr>
+    <tr class="covered-by-large-tests popin d-flex"><td  data-title="16 tests cover line 57" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testHashAuthorizationRequestParametersIgnoresExtraParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="57" href="#57">57</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">return</span><span class="default">&nbsp;</span><span class="default">hash_hmac</span><span class="keyword">(</span><span class="default">$algo</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$data</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$secret</span><span class="keyword">)</span><span class="keyword">;</span></td></tr>
    <tr class="warning d-flex"><td  class="col-1 text-right"><a id="58" href="#58">58</a></td><td class="col-11 codeLine"><span class="keyword">}</span></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="59" href="#59">59</a></td><td class="col-11 codeLine"></td></tr>
-    <tr class=" d-flex"><td  class="col-1 text-right"><a id="60" href="#60">60</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">isIndieAuthAuthorizationCodeRedeemingRequest</span><span class="keyword">(</span><span class="default">ServerRequestInterface</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
+    <tr class=" d-flex"><td  class="col-1 text-right"><a id="60" href="#60">60</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">isIndieAuthAuthorizationCodeRedeemingRequest</span><span class="keyword">(</span><span class="default">ServerRequestInterface</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="keyword">)</span><span class="keyword">:</span><span class="default">&nbsp;</span><span class="default">bool</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="25 tests cover line 61" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthorizationRequestWithInvalidClientIdOrRedirectUriShowsErrorToUser&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testExchangeFlowsReturnErrorsIfParametersAreMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testExchangeFlowsReturnErrorOnInvalidParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthEndpointTokenExchangeFailsForTokensWithInvalidScope&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthEndpointTokenExchangeReturnsCorrectResponseForValidRequest&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsErrorOnNonIndieauthRequest&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsErrorIfAccessCodeGrantsNoScopes&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsAccessTokenOnValidRequest&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testNonIndieAuthRequestWithDefaultHandlerReturnsError&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testResponseReturnedFromNonIndieAuthRequestHandler&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="61" href="#61">61</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">return</span><span class="default">&nbsp;</span><span class="default">strtolower</span><span class="keyword">(</span><span class="default">$request</span><span class="default">-&gt;</span><span class="default">getMethod</span><span class="keyword">(</span><span class="keyword">)</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="default">==</span><span class="default">&nbsp;</span><span class="default">'post'</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="25 tests cover line 62" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthorizationRequestWithInvalidClientIdOrRedirectUriShowsErrorToUser&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testExchangeFlowsReturnErrorsIfParametersAreMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testExchangeFlowsReturnErrorOnInvalidParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthEndpointTokenExchangeFailsForTokensWithInvalidScope&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthEndpointTokenExchangeReturnsCorrectResponseForValidRequest&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsErrorOnNonIndieauthRequest&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsErrorIfAccessCodeGrantsNoScopes&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsAccessTokenOnValidRequest&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testNonIndieAuthRequestWithDefaultHandlerReturnsError&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testResponseReturnedFromNonIndieAuthRequestHandler&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="62" href="#62">62</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">&amp;&amp;</span><span class="default">&nbsp;</span><span class="default">array_key_exists</span><span class="keyword">(</span><span class="default">'grant_type'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="default">-&gt;</span><span class="default">getParsedBody</span><span class="keyword">(</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="default">??</span><span class="default">&nbsp;</span><span class="keyword">[</span><span class="keyword">]</span><span class="keyword">)</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="25 tests cover line 63" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthorizationRequestWithInvalidClientIdOrRedirectUriShowsErrorToUser&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testExchangeFlowsReturnErrorsIfParametersAreMissing&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testExchangeFlowsReturnErrorOnInvalidParameters&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthEndpointTokenExchangeFailsForTokensWithInvalidScope&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthEndpointTokenExchangeReturnsCorrectResponseForValidRequest&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsErrorOnNonIndieauthRequest&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsErrorIfAccessCodeGrantsNoScopes&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testTokenEndpointReturnsAccessTokenOnValidRequest&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testNonIndieAuthRequestWithDefaultHandlerReturnsError&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testResponseReturnedFromNonIndieAuthRequestHandler&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="63" href="#63">63</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">&amp;&amp;</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="default">-&gt;</span><span class="default">getParsedBody</span><span class="keyword">(</span><span class="keyword">)</span><span class="keyword">[</span><span class="default">'grant_type'</span><span class="keyword">]</span><span class="default">&nbsp;</span><span class="default">==</span><span class="default">&nbsp;</span><span class="default">'authorization_code'</span><span class="keyword">;</span></td></tr>
    <tr class="warning d-flex"><td  class="col-1 text-right"><a id="64" href="#64">64</a></td><td class="col-11 codeLine"><span class="keyword">}</span></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="65" href="#65">65</a></td><td class="col-11 codeLine"></td></tr>
-    <tr class=" d-flex"><td  class="col-1 text-right"><a id="66" href="#66">66</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">isIndieAuthAuthorizationRequest</span><span class="keyword">(</span><span class="default">ServerRequestInterface</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$permittedMethods</span><span class="keyword">=</span><span class="keyword">[</span><span class="default">'get'</span><span class="keyword">]</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
+    <tr class=" d-flex"><td  class="col-1 text-right"><a id="66" href="#66">66</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">isIndieAuthAuthorizationRequest</span><span class="keyword">(</span><span class="default">ServerRequestInterface</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="keyword">array</span><span class="default">&nbsp;</span><span class="default">$permittedMethods</span><span class="keyword">=</span><span class="keyword">[</span><span class="default">'get'</span><span class="keyword">]</span><span class="keyword">)</span><span class="keyword">:</span><span class="default">&nbsp;</span><span class="default">bool</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="18 tests cover line 67" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthorizationRequestWithInvalidClientIdOrRedirectUriShowsErrorToUser&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testNonIndieAuthRequestWithDefaultHandlerReturnsError&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testResponseReturnedFromNonIndieAuthRequestHandler&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="67" href="#67">67</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">return</span><span class="default">&nbsp;</span><span class="default">in_array</span><span class="keyword">(</span><span class="default">strtolower</span><span class="keyword">(</span><span class="default">$request</span><span class="default">-&gt;</span><span class="default">getMethod</span><span class="keyword">(</span><span class="keyword">)</span><span class="keyword">)</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">array_map</span><span class="keyword">(</span><span class="default">'strtolower'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$permittedMethods</span><span class="keyword">)</span><span class="keyword">)</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="18 tests cover line 68" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthorizationRequestWithInvalidClientIdOrRedirectUriShowsErrorToUser&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testNonIndieAuthRequestWithDefaultHandlerReturnsError&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testResponseReturnedFromNonIndieAuthRequestHandler&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="68" href="#68">68</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">&amp;&amp;</span><span class="default">&nbsp;</span><span class="default">array_key_exists</span><span class="keyword">(</span><span class="default">'response_type'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="default">-&gt;</span><span class="default">getQueryParams</span><span class="keyword">(</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="default">??</span><span class="default">&nbsp;</span><span class="keyword">[</span><span class="keyword">]</span><span class="keyword">)</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="18 tests cover line 69" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testAuthorizationRequestWithInvalidClientIdOrRedirectUriShowsErrorToUser&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testNonIndieAuthRequestWithDefaultHandlerReturnsError&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testResponseReturnedFromNonIndieAuthRequestHandler&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="69" href="#69">69</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">&amp;&amp;</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="default">-&gt;</span><span class="default">getQueryParams</span><span class="keyword">(</span><span class="keyword">)</span><span class="keyword">[</span><span class="default">'response_type'</span><span class="keyword">]</span><span class="default">&nbsp;</span><span class="default">==</span><span class="default">&nbsp;</span><span class="default">'code'</span><span class="keyword">;</span></td></tr>
    <tr class="warning d-flex"><td  class="col-1 text-right"><a id="70" href="#70">70</a></td><td class="col-11 codeLine"><span class="keyword">}</span></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="71" href="#71">71</a></td><td class="col-11 codeLine"></td></tr>
-    <tr class=" d-flex"><td  class="col-1 text-right"><a id="72" href="#72">72</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">isAuthorizationApprovalRequest</span><span class="keyword">(</span><span class="default">ServerRequestInterface</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
+    <tr class=" d-flex"><td  class="col-1 text-right"><a id="72" href="#72">72</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">isAuthorizationApprovalRequest</span><span class="keyword">(</span><span class="default">ServerRequestInterface</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="keyword">)</span><span class="keyword">:</span><span class="default">&nbsp;</span><span class="default">bool</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="9 tests cover line 73" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="73" href="#73">73</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">return</span><span class="default">&nbsp;</span><span class="default">strtolower</span><span class="keyword">(</span><span class="default">$request</span><span class="default">-&gt;</span><span class="default">getMethod</span><span class="keyword">(</span><span class="keyword">)</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="default">==</span><span class="default">&nbsp;</span><span class="default">'post'</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="9 tests cover line 74" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="74" href="#74">74</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">&amp;&amp;</span><span class="default">&nbsp;</span><span class="default">array_key_exists</span><span class="keyword">(</span><span class="default">'taproot_indieauth_action'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="default">-&gt;</span><span class="default">getParsedBody</span><span class="keyword">(</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="default">??</span><span class="default">&nbsp;</span><span class="keyword">[</span><span class="keyword">]</span><span class="keyword">)</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="9 tests cover line 75" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="75" href="#75">75</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">&amp;&amp;</span><span class="default">&nbsp;</span><span class="default">$request</span><span class="default">-&gt;</span><span class="default">getParsedBody</span><span class="keyword">(</span><span class="keyword">)</span><span class="keyword">[</span><span class="default">Server</span><span class="default">::</span><span class="default">APPROVE_ACTION_KEY</span><span class="keyword">]</span><span class="default">&nbsp;</span><span class="default">==</span><span class="default">&nbsp;</span><span class="default">Server</span><span class="default">::</span><span class="default">APPROVE_ACTION_VALUE</span><span class="keyword">;</span></td></tr>
    <tr class="warning d-flex"><td  class="col-1 text-right"><a id="76" href="#76">76</a></td><td class="col-11 codeLine"><span class="keyword">}</span></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="77" href="#77">77</a></td><td class="col-11 codeLine"></td></tr>
-    <tr class=" d-flex"><td  class="col-1 text-right"><a id="78" href="#78">78</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">buildQueryString</span><span class="keyword">(</span><span class="keyword">array</span><span class="default">&nbsp;</span><span class="default">$parameters</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
+    <tr class=" d-flex"><td  class="col-1 text-right"><a id="78" href="#78">78</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">buildQueryString</span><span class="keyword">(</span><span class="keyword">array</span><span class="default">&nbsp;</span><span class="default">$parameters</span><span class="keyword">)</span><span class="keyword">:</span><span class="default">&nbsp;</span><span class="default">string</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="15 tests cover line 79" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testBuildQueryString&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testAppendQueryParams&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="79" href="#79">79</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$qs</span><span class="default">&nbsp;</span><span class="keyword">=</span><span class="default">&nbsp;</span><span class="keyword">[</span><span class="keyword">]</span><span class="keyword">;</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="15 tests cover line 80" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testBuildQueryString&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testAppendQueryParams&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="80" href="#80">80</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">foreach</span><span class="default">&nbsp;</span><span class="keyword">(</span><span class="default">$parameters</span><span class="default">&nbsp;</span><span class="keyword">as</span><span class="default">&nbsp;</span><span class="default">$k</span><span class="default">&nbsp;</span><span class="default">=&gt;</span><span class="default">&nbsp;</span><span class="default">$v</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="15 tests cover line 81" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testBuildQueryString&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testAppendQueryParams&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="81" href="#81">81</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$qs</span><span class="keyword">[</span><span class="keyword">]</span><span class="default">&nbsp;</span><span class="keyword">=</span><span class="default">&nbsp;</span><span class="default">urlencode</span><span class="keyword">(</span><span class="default">$k</span><span class="keyword">)</span><span class="default">&nbsp;</span><span class="keyword">.</span><span class="default">&nbsp;</span><span class="default">'='</span><span class="default">&nbsp;</span><span class="keyword">.</span><span class="default">&nbsp;</span><span class="default">urlencode</span><span class="keyword">(</span><span class="default">$v</span><span class="keyword">)</span><span class="keyword">;</span></td></tr>
@ -534,7 +534,7 @@
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="15 tests cover line 83" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testBuildQueryString&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\FunctionTest::testAppendQueryParams&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsInternalServerErrorIfAuthCodeCannotBeStored&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="83" href="#83">83</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="keyword">return</span><span class="default">&nbsp;</span><span class="default">join</span><span class="keyword">(</span><span class="default">'&amp;'</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$qs</span><span class="keyword">)</span><span class="keyword">;</span></td></tr>
    <tr class="warning d-flex"><td  class="col-1 text-right"><a id="84" href="#84">84</a></td><td class="col-11 codeLine"><span class="keyword">}</span></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="85" href="#85">85</a></td><td class="col-11 codeLine"></td></tr>
-    <tr class=" d-flex"><td  class="col-1 text-right"><a id="86" href="#86">86</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">urlComponentsMatch</span><span class="keyword">(</span><span class="default">$url1</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">$url2</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="keyword">?</span><span class="keyword">array</span><span class="default">&nbsp;</span><span class="default">$components</span><span class="keyword">=</span><span class="default">null</span><span class="keyword">)</span><span class="keyword">:</span><span class="default">&nbsp;</span><span class="default">bool</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
+    <tr class=" d-flex"><td  class="col-1 text-right"><a id="86" href="#86">86</a></td><td class="col-11 codeLine"><span class="keyword">function</span><span class="default">&nbsp;</span><span class="default">urlComponentsMatch</span><span class="keyword">(</span><span class="default">string</span><span class="default">&nbsp;</span><span class="default">$url1</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">string</span><span class="default">&nbsp;</span><span class="default">$url2</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="keyword">?</span><span class="keyword">array</span><span class="default">&nbsp;</span><span class="default">$components</span><span class="keyword">=</span><span class="default">null</span><span class="keyword">)</span><span class="keyword">:</span><span class="default">&nbsp;</span><span class="default">bool</span><span class="default">&nbsp;</span><span class="keyword">{</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="14 tests cover line 87" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="87" href="#87">87</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$validComponents</span><span class="default">&nbsp;</span><span class="keyword">=</span><span class="default">&nbsp;</span><span class="keyword">[</span><span class="default">PHP_URL_HOST</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">PHP_URL_PASS</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">PHP_URL_PATH</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">PHP_URL_PORT</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">PHP_URL_USER</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">PHP_URL_QUERY</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">PHP_URL_SCHEME</span><span class="keyword">,</span><span class="default">&nbsp;</span><span class="default">PHP_URL_FRAGMENT</span><span class="keyword">]</span><span class="keyword">;</span></td></tr>
    <tr class="covered-by-large-tests popin d-flex"><td  data-title="14 tests cover line 88" data-content="&lt;ul&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testInvalidStateCodeChallengeOrScopeReturnErrorRedirects&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testHandlesValidAndInvalidMeUrlsCorrectly&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testUnauthenticatedRequestReturnsAuthenticationResponse&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsServerErrorIfAuthenticationResultHasNoMeKey&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnErrorIfFetchingClientIdThrowsException&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdWithNoParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfRedirectUriDoesntMatchClientIdOrParsedRedirectUris&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdSufficientlyMatchesRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkHeaderRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsAuthorizationFormIfClientIdExactlyMatchesParsedLinkElementRedirectUri&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testFindsFirstHAppExactlyMatchingClientId&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasNoHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testReturnsErrorIfApprovalRequestHasInvalidHash&lt;/li&gt;&lt;li class=&quot;covered-by-large-tests&quot;&gt;Taproot\IndieAuth\Test\ServerTest::testValidApprovalRequestIsHandledCorrectly&lt;/li&gt;&lt;/ul&gt;" data-placement="top" data-html="true" class="col-1 text-right"><a id="88" href="#88">88</a></td><td class="col-11 codeLine"><span class="default">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="default">$components</span><span class="default">&nbsp;</span><span class="keyword">=</span><span class="default">&nbsp;</span><span class="default">$components</span><span class="default">&nbsp;</span><span class="default">??</span><span class="default">&nbsp;</span><span class="default">$validComponents</span><span class="keyword">;</span></td></tr>
    <tr class=" d-flex"><td  class="col-1 text-right"><a id="89" href="#89">89</a></td><td class="col-11 codeLine"></td></tr>
@ -680,7 +680,7 @@
    <h4>Legend</h4>
    <p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
    <a title="Back to the top" id="toplink" href="#">
        <svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>
--- a/docs/coverage/index.html
+++ b/docs/coverage/index.html
@ -44,13 +44,13 @@
      <tr>
       <td class="success">Total</td>
       <td class="success big">       <div class="progress">
-         <div class="progress-bar bg-success" role="progressbar" aria-valuenow="94.58" aria-valuemin="0" aria-valuemax="100" style="width: 94.58%">
+         <div class="progress-bar bg-success" role="progressbar" aria-valuenow="94.59" aria-valuemin="0" aria-valuemax="100" style="width: 94.59%">
-           <span class="sr-only">94.58% covered (success)</span>
+           <span class="sr-only">94.59% covered (success)</span>
         </div>
       </div>
 </td>
-       <td class="success small"><div align="right">94.58%</div></td>
+       <td class="success small"><div align="right">94.59%</div></td>
-       <td class="success small"><div align="right">506&nbsp;/&nbsp;535</div></td>
+       <td class="success small"><div align="right">507&nbsp;/&nbsp;536</div></td>
       <td class="warning big">       <div class="progress">
         <div class="progress-bar bg-warning" role="progressbar" aria-valuenow="73.68" aria-valuemin="0" aria-valuemax="100" style="width: 73.68%">
           <span class="sr-only">73.68% covered (warning)</span>
@ -184,13 +184,13 @@
      <tr>
       <td class="success"><img src="phpunit_icons/file-code.svg" class="octicon" /><a href="Server.php.html">Server.php</a></td>
       <td class="success big">       <div class="progress">
-         <div class="progress-bar bg-success" role="progressbar" aria-valuenow="94.90" aria-valuemin="0" aria-valuemax="100" style="width: 94.90%">
+         <div class="progress-bar bg-success" role="progressbar" aria-valuenow="94.92" aria-valuemin="0" aria-valuemax="100" style="width: 94.92%">
-           <span class="sr-only">94.90% covered (success)</span>
+           <span class="sr-only">94.92% covered (success)</span>
         </div>
       </div>
 </td>
-       <td class="success small"><div align="right">94.90%</div></td>
+       <td class="success small"><div align="right">94.92%</div></td>
-       <td class="success small"><div align="right">242&nbsp;/&nbsp;255</div></td>
+       <td class="success small"><div align="right">243&nbsp;/&nbsp;256</div></td>
       <td class="warning big">       <div class="progress">
         <div class="progress-bar bg-warning" role="progressbar" aria-valuenow="60.00" aria-valuemin="0" aria-valuemax="100" style="width: 60.00%">
           <span class="sr-only">60.00% covered (warning)</span>
@ -245,7 +245,7 @@
     <span class="success"><strong>High</strong>: 90% to 100%</span>
    </p>
    <p>
-     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
+     <small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 23:14:13 UTC 2021.</small>
    </p>
   </footer>
  </div>
--- a/docs/files/src-functions.html
+++ b/docs/files/src-functions.html
@ -112,7 +112,7 @@
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_base64_urlencode">base64_urlencode()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: string    </span>
 </dt>
 <dd></dd>
@ -126,28 +126,28 @@
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_isIndieAuthAuthorizationCodeRedeemingRequest">isIndieAuthAuthorizationCodeRedeemingRequest()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: bool    </span>
 </dt>
 <dd></dd>
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_isIndieAuthAuthorizationRequest">isIndieAuthAuthorizationRequest()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: bool    </span>
 </dt>
 <dd></dd>
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_isAuthorizationApprovalRequest">isAuthorizationApprovalRequest()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: bool    </span>
 </dt>
 <dd></dd>
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_buildQueryString">buildQueryString()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: string    </span>
 </dt>
 <dd></dd>
@ -334,14 +334,14 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">base64_urlencode</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">mixed&nbsp;</span><span class="phpdocumentor-signature__argument__name">$string</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">base64_urlencode</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">string&nbsp;</span><span class="phpdocumentor-signature__argument__name">$string</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">string</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
    <dl class="phpdocumentor-argument-list">
                    <dt class="phpdocumentor-argument-list__entry">
                <span class="phpdocumentor-signature__argument__name">$string</span>
-                : <span class="phpdocumentor-signature__argument__return-type">mixed</span>
+                : <span class="phpdocumentor-signature__argument__return-type">string</span>
                            </dt>
            <dd class="phpdocumentor-argument-list__definition">
@ -419,7 +419,7 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">isIndieAuthAuthorizationCodeRedeemingRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">isIndieAuthAuthorizationCodeRedeemingRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
@ -451,7 +451,7 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">isIndieAuthAuthorizationRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span class="phpdocumentor-signature__argument"><span>[</span><span>, </span><span class="phpdocumentor-signature__argument__return-type">mixed&nbsp;</span><span class="phpdocumentor-signature__argument__name">$permittedMethods</span><span> = </span><span class="phpdocumentor-signature__argument__default-value">[&#039;get&#039;]</span><span> ]</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">isIndieAuthAuthorizationRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span class="phpdocumentor-signature__argument"><span>[</span><span>, </span><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;&nbsp;</span><span class="phpdocumentor-signature__argument__name">$permittedMethods</span><span> = </span><span class="phpdocumentor-signature__argument__default-value">[&#039;get&#039;]</span><span> ]</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
@ -465,7 +465,7 @@
            </dd>
                    <dt class="phpdocumentor-argument-list__entry">
                <span class="phpdocumentor-signature__argument__name">$permittedMethods</span>
-                : <span class="phpdocumentor-signature__argument__return-type">mixed</span>
+                : <span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;</span>
                 = <span class="phpdocumentor-signature__argument__default-value">[&#039;get&#039;]</span>            </dt>
            <dd class="phpdocumentor-argument-list__definition">
@ -490,7 +490,7 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">isAuthorizationApprovalRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">isAuthorizationApprovalRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
@ -522,7 +522,7 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">buildQueryString</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;&nbsp;</span><span class="phpdocumentor-signature__argument__name">$parameters</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">buildQueryString</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;&nbsp;</span><span class="phpdocumentor-signature__argument__name">$parameters</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">string</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
@ -554,21 +554,21 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">urlComponentsMatch</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">mixed&nbsp;</span><span class="phpdocumentor-signature__argument__name">$url1</span></span><span class="phpdocumentor-signature__argument"><span>, </span><span class="phpdocumentor-signature__argument__return-type">mixed&nbsp;</span><span class="phpdocumentor-signature__argument__name">$url2</span></span><span class="phpdocumentor-signature__argument"><span>[</span><span>, </span><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;|null&nbsp;</span><span class="phpdocumentor-signature__argument__name">$components</span><span> = </span><span class="phpdocumentor-signature__argument__default-value">null</span><span> ]</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
+                <span class="phpdocumentor-signature__name">urlComponentsMatch</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">string&nbsp;</span><span class="phpdocumentor-signature__argument__name">$url1</span></span><span class="phpdocumentor-signature__argument"><span>, </span><span class="phpdocumentor-signature__argument__return-type">string&nbsp;</span><span class="phpdocumentor-signature__argument__name">$url2</span></span><span class="phpdocumentor-signature__argument"><span>[</span><span>, </span><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;|null&nbsp;</span><span class="phpdocumentor-signature__argument__name">$components</span><span> = </span><span class="phpdocumentor-signature__argument__default-value">null</span><span> ]</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
    <dl class="phpdocumentor-argument-list">
                    <dt class="phpdocumentor-argument-list__entry">
                <span class="phpdocumentor-signature__argument__name">$url1</span>
-                : <span class="phpdocumentor-signature__argument__return-type">mixed</span>
+                : <span class="phpdocumentor-signature__argument__return-type">string</span>
                            </dt>
            <dd class="phpdocumentor-argument-list__definition">
            </dd>
                    <dt class="phpdocumentor-argument-list__entry">
                <span class="phpdocumentor-signature__argument__name">$url2</span>
-                : <span class="phpdocumentor-signature__argument__return-type">mixed</span>
+                : <span class="phpdocumentor-signature__argument__return-type">string</span>
                            </dt>
            <dd class="phpdocumentor-argument-list__definition">
--- a/docs/files/src-storage-sqlite3storage.html
+++ b/docs/files/src-storage-sqlite3storage.html
@ -80,17 +80,6 @@
 <h3 id="interfaces_class_traits">
    Interfaces, Classes and Traits
    <a href="#interfaces_class_traits" class="headerlink"><i class="fas fa-link"></i></a>
 </h3>
 <dl class="phpdocumentor-table-of-contents">
            <dt class="phpdocumentor-table-of-contents__entry -class"><a href="classes/Taproot-IndieAuth-Storage-Sqlite3Storage.html"><abbr title="\Taproot\IndieAuth\Storage\Sqlite3Storage">Sqlite3Storage</abbr></a></dt>
        <dd></dd>
    </dl>
--- a/docs/js/searchIndex.js
+++ b/docs/js/searchIndex.js
@ -645,11 +645,6 @@ Search.appendIndex(
            "name": "logger",
            "summary": "",
            "url": "classes/Taproot-IndieAuth-Storage-FilesystemJsonStorage.html#property_logger"
        },                {
            "fqsen": "\\Taproot\\IndieAuth\\Storage\\Sqlite3Storage",
            "name": "Sqlite3Storage",
            "summary": "",
            "url": "classes/Taproot-IndieAuth-Storage-Sqlite3Storage.html"
        },                {
            "fqsen": "\\Taproot\\IndieAuth\\Storage\\TokenStorageInterface",
            "name": "TokenStorageInterface",
--- a/docs/namespaces/taproot-indieauth-storage.html
+++ b/docs/namespaces/taproot-indieauth-storage.html
@ -93,8 +93,6 @@
            <dt class="phpdocumentor-table-of-contents__entry -class"><a href="classes/Taproot-IndieAuth-Storage-FilesystemJsonStorage.html"><abbr title="\Taproot\IndieAuth\Storage\FilesystemJsonStorage">FilesystemJsonStorage</abbr></a></dt>
        <dd>Filesystem JSON Token Storage</dd>
            <dt class="phpdocumentor-table-of-contents__entry -class"><a href="classes/Taproot-IndieAuth-Storage-Sqlite3Storage.html"><abbr title="\Taproot\IndieAuth\Storage\Sqlite3Storage">Sqlite3Storage</abbr></a></dt>
        <dd></dd>
    </dl>
--- a/docs/namespaces/taproot-indieauth.html
+++ b/docs/namespaces/taproot-indieauth.html
@ -136,7 +136,7 @@
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_base64_urlencode">base64_urlencode()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: string    </span>
 </dt>
 <dd></dd>
@ -150,28 +150,28 @@
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_isIndieAuthAuthorizationCodeRedeemingRequest">isIndieAuthAuthorizationCodeRedeemingRequest()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: bool    </span>
 </dt>
 <dd></dd>
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_isIndieAuthAuthorizationRequest">isIndieAuthAuthorizationRequest()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: bool    </span>
 </dt>
 <dd></dd>
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_isAuthorizationApprovalRequest">isAuthorizationApprovalRequest()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: bool    </span>
 </dt>
 <dd></dd>
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_buildQueryString">buildQueryString()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: string    </span>
 </dt>
 <dd></dd>
@ -357,14 +357,14 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">base64_urlencode</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">mixed&nbsp;</span><span class="phpdocumentor-signature__argument__name">$string</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">base64_urlencode</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">string&nbsp;</span><span class="phpdocumentor-signature__argument__name">$string</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">string</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
    <dl class="phpdocumentor-argument-list">
                    <dt class="phpdocumentor-argument-list__entry">
                <span class="phpdocumentor-signature__argument__name">$string</span>
-                : <span class="phpdocumentor-signature__argument__return-type">mixed</span>
+                : <span class="phpdocumentor-signature__argument__return-type">string</span>
                            </dt>
            <dd class="phpdocumentor-argument-list__definition">
@ -442,7 +442,7 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">isIndieAuthAuthorizationCodeRedeemingRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">isIndieAuthAuthorizationCodeRedeemingRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
@ -474,7 +474,7 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">isIndieAuthAuthorizationRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span class="phpdocumentor-signature__argument"><span>[</span><span>, </span><span class="phpdocumentor-signature__argument__return-type">mixed&nbsp;</span><span class="phpdocumentor-signature__argument__name">$permittedMethods</span><span> = </span><span class="phpdocumentor-signature__argument__default-value">[&#039;get&#039;]</span><span> ]</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">isIndieAuthAuthorizationRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span class="phpdocumentor-signature__argument"><span>[</span><span>, </span><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;&nbsp;</span><span class="phpdocumentor-signature__argument__name">$permittedMethods</span><span> = </span><span class="phpdocumentor-signature__argument__default-value">[&#039;get&#039;]</span><span> ]</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
@ -488,7 +488,7 @@
            </dd>
                    <dt class="phpdocumentor-argument-list__entry">
                <span class="phpdocumentor-signature__argument__name">$permittedMethods</span>
-                : <span class="phpdocumentor-signature__argument__return-type">mixed</span>
+                : <span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;</span>
                 = <span class="phpdocumentor-signature__argument__default-value">[&#039;get&#039;]</span>            </dt>
            <dd class="phpdocumentor-argument-list__definition">
@ -513,7 +513,7 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">isAuthorizationApprovalRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">isAuthorizationApprovalRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
@ -545,7 +545,7 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">buildQueryString</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;&nbsp;</span><span class="phpdocumentor-signature__argument__name">$parameters</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">buildQueryString</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;&nbsp;</span><span class="phpdocumentor-signature__argument__name">$parameters</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">string</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
@ -577,21 +577,21 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">urlComponentsMatch</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">mixed&nbsp;</span><span class="phpdocumentor-signature__argument__name">$url1</span></span><span class="phpdocumentor-signature__argument"><span>, </span><span class="phpdocumentor-signature__argument__return-type">mixed&nbsp;</span><span class="phpdocumentor-signature__argument__name">$url2</span></span><span class="phpdocumentor-signature__argument"><span>[</span><span>, </span><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;|null&nbsp;</span><span class="phpdocumentor-signature__argument__name">$components</span><span> = </span><span class="phpdocumentor-signature__argument__default-value">null</span><span> ]</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
+                <span class="phpdocumentor-signature__name">urlComponentsMatch</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">string&nbsp;</span><span class="phpdocumentor-signature__argument__name">$url1</span></span><span class="phpdocumentor-signature__argument"><span>, </span><span class="phpdocumentor-signature__argument__return-type">string&nbsp;</span><span class="phpdocumentor-signature__argument__name">$url2</span></span><span class="phpdocumentor-signature__argument"><span>[</span><span>, </span><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;|null&nbsp;</span><span class="phpdocumentor-signature__argument__name">$components</span><span> = </span><span class="phpdocumentor-signature__argument__default-value">null</span><span> ]</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
    <dl class="phpdocumentor-argument-list">
                    <dt class="phpdocumentor-argument-list__entry">
                <span class="phpdocumentor-signature__argument__name">$url1</span>
-                : <span class="phpdocumentor-signature__argument__return-type">mixed</span>
+                : <span class="phpdocumentor-signature__argument__return-type">string</span>
                            </dt>
            <dd class="phpdocumentor-argument-list__definition">
            </dd>
                    <dt class="phpdocumentor-argument-list__entry">
                <span class="phpdocumentor-signature__argument__name">$url2</span>
-                : <span class="phpdocumentor-signature__argument__return-type">mixed</span>
+                : <span class="phpdocumentor-signature__argument__return-type">string</span>
                            </dt>
            <dd class="phpdocumentor-argument-list__definition">
--- a/docs/packages/default.html
+++ b/docs/packages/default.html
@ -109,8 +109,6 @@
        <dd>IndieAuth Server</dd>
            <dt class="phpdocumentor-table-of-contents__entry -class"><a href="classes/Taproot-IndieAuth-Storage-FilesystemJsonStorage.html"><abbr title="\Taproot\IndieAuth\Storage\FilesystemJsonStorage">FilesystemJsonStorage</abbr></a></dt>
        <dd>Filesystem JSON Token Storage</dd>
            <dt class="phpdocumentor-table-of-contents__entry -class"><a href="classes/Taproot-IndieAuth-Storage-Sqlite3Storage.html"><abbr title="\Taproot\IndieAuth\Storage\Sqlite3Storage">Sqlite3Storage</abbr></a></dt>
        <dd></dd>
    </dl>
@ -145,7 +143,7 @@
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_base64_urlencode">base64_urlencode()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: string    </span>
 </dt>
 <dd></dd>
@ -159,28 +157,28 @@
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_isIndieAuthAuthorizationCodeRedeemingRequest">isIndieAuthAuthorizationCodeRedeemingRequest()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: bool    </span>
 </dt>
 <dd></dd>
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_isIndieAuthAuthorizationRequest">isIndieAuthAuthorizationRequest()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: bool    </span>
 </dt>
 <dd></dd>
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_isAuthorizationApprovalRequest">isAuthorizationApprovalRequest()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: bool    </span>
 </dt>
 <dd></dd>
            <dt class="phpdocumentor-table-of-contents__entry -function -">
    <a href="namespaces/taproot-indieauth.html#function_buildQueryString">buildQueryString()</a>
    <span>
-                        &nbsp;: mixed    </span>
+                        &nbsp;: string    </span>
 </dt>
 <dd></dd>
@ -366,14 +364,14 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">base64_urlencode</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">mixed&nbsp;</span><span class="phpdocumentor-signature__argument__name">$string</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">base64_urlencode</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">string&nbsp;</span><span class="phpdocumentor-signature__argument__name">$string</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">string</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
    <dl class="phpdocumentor-argument-list">
                    <dt class="phpdocumentor-argument-list__entry">
                <span class="phpdocumentor-signature__argument__name">$string</span>
-                : <span class="phpdocumentor-signature__argument__return-type">mixed</span>
+                : <span class="phpdocumentor-signature__argument__return-type">string</span>
                            </dt>
            <dd class="phpdocumentor-argument-list__definition">
@ -451,7 +449,7 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">isIndieAuthAuthorizationCodeRedeemingRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">isIndieAuthAuthorizationCodeRedeemingRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
@ -483,7 +481,7 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">isIndieAuthAuthorizationRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span class="phpdocumentor-signature__argument"><span>[</span><span>, </span><span class="phpdocumentor-signature__argument__return-type">mixed&nbsp;</span><span class="phpdocumentor-signature__argument__name">$permittedMethods</span><span> = </span><span class="phpdocumentor-signature__argument__default-value">[&#039;get&#039;]</span><span> ]</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">isIndieAuthAuthorizationRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span class="phpdocumentor-signature__argument"><span>[</span><span>, </span><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;&nbsp;</span><span class="phpdocumentor-signature__argument__name">$permittedMethods</span><span> = </span><span class="phpdocumentor-signature__argument__default-value">[&#039;get&#039;]</span><span> ]</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
@ -497,7 +495,7 @@
            </dd>
                    <dt class="phpdocumentor-argument-list__entry">
                <span class="phpdocumentor-signature__argument__name">$permittedMethods</span>
-                : <span class="phpdocumentor-signature__argument__return-type">mixed</span>
+                : <span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;</span>
                 = <span class="phpdocumentor-signature__argument__default-value">[&#039;get&#039;]</span>            </dt>
            <dd class="phpdocumentor-argument-list__definition">
@ -522,7 +520,7 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">isAuthorizationApprovalRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">isAuthorizationApprovalRequest</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type"><abbr title="\Psr\Http\Message\ServerRequestInterface">ServerRequestInterface</abbr>&nbsp;</span><span class="phpdocumentor-signature__argument__name">$request</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
@ -554,7 +552,7 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">buildQueryString</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;&nbsp;</span><span class="phpdocumentor-signature__argument__name">$parameters</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">mixed</span></code>
+                <span class="phpdocumentor-signature__name">buildQueryString</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;&nbsp;</span><span class="phpdocumentor-signature__argument__name">$parameters</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">string</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
@ -586,21 +584,21 @@
    <code class="phpdocumentor-code phpdocumentor-signature ">
    <span class="phpdocumentor-signature__visibility"></span>
-                <span class="phpdocumentor-signature__name">urlComponentsMatch</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">mixed&nbsp;</span><span class="phpdocumentor-signature__argument__name">$url1</span></span><span class="phpdocumentor-signature__argument"><span>, </span><span class="phpdocumentor-signature__argument__return-type">mixed&nbsp;</span><span class="phpdocumentor-signature__argument__name">$url2</span></span><span class="phpdocumentor-signature__argument"><span>[</span><span>, </span><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;|null&nbsp;</span><span class="phpdocumentor-signature__argument__name">$components</span><span> = </span><span class="phpdocumentor-signature__argument__default-value">null</span><span> ]</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
+                <span class="phpdocumentor-signature__name">urlComponentsMatch</span><span>(</span><span class="phpdocumentor-signature__argument"><span class="phpdocumentor-signature__argument__return-type">string&nbsp;</span><span class="phpdocumentor-signature__argument__name">$url1</span></span><span class="phpdocumentor-signature__argument"><span>, </span><span class="phpdocumentor-signature__argument__return-type">string&nbsp;</span><span class="phpdocumentor-signature__argument__name">$url2</span></span><span class="phpdocumentor-signature__argument"><span>[</span><span>, </span><span class="phpdocumentor-signature__argument__return-type">array&lt;string|int, mixed&gt;|null&nbsp;</span><span class="phpdocumentor-signature__argument__name">$components</span><span> = </span><span class="phpdocumentor-signature__argument__default-value">null</span><span> ]</span></span><span>)</span><span> : </span><span class="phpdocumentor-signature__response_type">bool</span></code>
        <h5 class="phpdocumentor-argument-list__heading">Parameters</h5>
    <dl class="phpdocumentor-argument-list">
                    <dt class="phpdocumentor-argument-list__entry">
                <span class="phpdocumentor-signature__argument__name">$url1</span>
-                : <span class="phpdocumentor-signature__argument__return-type">mixed</span>
+                : <span class="phpdocumentor-signature__argument__return-type">string</span>
                            </dt>
            <dd class="phpdocumentor-argument-list__definition">
            </dd>
                    <dt class="phpdocumentor-argument-list__entry">
                <span class="phpdocumentor-signature__argument__name">$url2</span>
-                : <span class="phpdocumentor-signature__argument__return-type">mixed</span>
+                : <span class="phpdocumentor-signature__argument__return-type">string</span>
                            </dt>
            <dd class="phpdocumentor-argument-list__definition">
--- a/src/Server.php
+++ b/src/Server.php
@ -442,7 +442,8 @@ class Server {
 					// order to know that, we need to also validate, fetch and parse the client_id.
 					// If the request lacks a hash, or if the provided hash was invalid, perform the validation.
 					$currentRequestHash = hashAuthorizationRequestParameters($request, $this->secret);
-					if (is_null($currentRequestHash) or !hash_equals($currentRequestHash, $queryParams[self::HASH_QUERY_STRING_KEY])) {
+					if (!isset($queryParams[self::HASH_QUERY_STRING_KEY]) or is_null($currentRequestHash) or !hash_equals($currentRequestHash, $queryParams[self::HASH_QUERY_STRING_KEY])) {
 						// All we need to know at this stage is whether the redirect_uri is valid. If it
 						// sufficiently matches the client_id, we don’t (yet) need to fetch the client_id.
 						if (!urlComponentsMatch($queryParams['client_id'], $queryParams['redirect_uri'], [PHP_URL_SCHEME, PHP_URL_HOST, PHP_URL_PORT])) {
@ -561,7 +562,7 @@ class Server {
 							}
 							$expectedHash = hashAuthorizationRequestParameters($request, $this->secret);
-							if (is_null($expectedHash) or !hash_equals($expectedHash, $queryParams[self::HASH_QUERY_STRING_KEY])) {
+							if (!isset($queryParams[self::HASH_QUERY_STRING_KEY]) or is_null($expectedHash) or !hash_equals($expectedHash, $queryParams[self::HASH_QUERY_STRING_KEY])) {
 								$this->logger->warning("The hash provided in the URL was invalid!", [
 									'expected' => $expectedHash,
 									'actual' => $queryParams[self::HASH_QUERY_STRING_KEY]
--- a/src/functions.php
+++ b/src/functions.php
@ -38,7 +38,7 @@ function generatePKCECodeChallenge($plaintext) {
 	return base64_urlencode(hash('sha256', $plaintext, true));
 }
-function base64_urlencode($string) {
+function base64_urlencode(string $string): string {
 	return rtrim(strtr(base64_encode($string), '+/', '-_'), '=');
 }
@ -49,7 +49,7 @@ function hashAuthorizationRequestParameters(ServerRequestInterface $request, str
 	$queryParams = $request->getQueryParams();
 	$data = '';
 	foreach ($hashedParameters as $key) {
-		if (!array_key_exists($key, $queryParams)) {
+		if (!isset($queryParams[$key])) {
 			return null;
 		}
 		$data .= $queryParams[$key];