deny access to blocked clients

Author: ylebre

solid/lib/Controller/ServerController.php

@@ -196,14 +196,21 @@ public function authorize() {
 					$getVars['redirect_uri']
 				)
 			);
-			$clientId = $this->config->saveClientRegistration($origin, $clientData);
-			$clientId = $this->config->saveClientRegistration($getVars['client_id'], $clientData);
+			$clientId = $this->config->saveClientRegistration($origin, $clientData)['client_id'];
+			$clientId = $this->config->saveClientRegistration($getVars['client_id'], $clientData)['client_id'];
 			$returnUrl = $getVars['redirect_uri'];
 		} else {
 			$clientId = $getVars['client_id'];
 			$returnUrl = $_SERVER['REQUEST_URI'];
 		}
 
+		$clientRegistration = $this->config->getClientRegistration($clientId);
+		if ($clientRegistration['blocked'] === true) {
+			$result = new JSONResponse('Unauthorized client');
+			$result->setStatus(403);
+			return $result;
+		}
+
 		$approval = $this->checkApproval($clientId);
 		if (!$approval) {
 			$result = new JSONResponse('Approval required');