Mister Miyagi

Hey, wow this has been a while ago ;-) Yes, this is specifically (only) done for Client Credentials where I think 401 would be more appropriate, as per your reference...

The reason I prefer a 401 here is because we want to use a specific flow for a client in case of supplying invalid credentials and we don't want to...

Why not add checkScope to the Oauth2\Storage\ScopeInterface? (and modify the ScopeClass to call it through the storage same as scopeExists) That way you don't have to extend Scope and can...

You can check the status of the payment with mollie on your return url (as well as the webhook) and redirect users accordingly to succes or failure pages. Payment processed...