• bseddon

    (@bseddon)


    My requirement has been to use the plugin so our existing WP site can be used to authenticate a Model Context Protocol server I’m creating. This has been possible using actions and filters to, for example, add support for client registration.

    However, one issue it’s not been possible to work around without modifying the plugin code is in the validation of an authorization code. The issue occurs because, if a statement is returned in getAuthorizationCode() (in WordPressdb.php), an ‘expires’ member is added to the array using the current timestamp as the value.

    getAuthorizationCode is called from validateRequest() in AuthorizationCode.php. However, in this function the expires value is tested to see if it is *less than* the current timestamp (line 68). Since the value has just been set, it can never be less than that value so the validate request always fails.

    My fix is to set the expires value in getAuthorizationCode() to the current timestamp + 1.

The topic ‘Possible bug when verifying an auth code’ is closed to new replies.
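
An added example, not part of the original post and not the plugin's code: a simplified PHP model of the expiry check discussed above, comparing an ‘expires’ value stamped when the record is read with one fixed when the code is issued. The function names, the `issued_at` field, the sample record and the 600-second lifetime are all assumptions made for illustration.

```php
<?php
// Added illustration; a simplified model, not the plugin's code.
// All names and the 600-second lifetime are assumptions.

const CODE_LIFETIME = 600; // assumed authorization code lifetime in seconds

// Constructed sample record: a code issued one day before "now".
function sampleRow(int $now): array
{
    return ['code' => 'constructed-sample-code', 'issued_at' => $now - 86400];
}

// Expiry stamped at lookup time (current timestamp + 1, as in the post's fix).
// The value depends only on when the row is read, not on the code's age.
function lookupStampedAtRead(array $row, int $now): array
{
    $row['expires'] = $now + 1;
    return $row;
}

// Expiry fixed at issuance, so it reflects how old the code really is.
function lookupFromIssueTime(array $row): array
{
    $row['expires'] = $row['issued_at'] + CODE_LIFETIME;
    return $row;
}

// The comparison described in the post: expired when expires < current time.
function isExpired(array $authCode, int $now): bool
{
    return $authCode['expires'] < $now;
}

$now = time();
$row = sampleRow($now);

$atRead  = lookupStampedAtRead($row, $now);
$atIssue = lookupFromIssueTime($row);

// Report how the same day-old code fares under each lookup strategy.
printf("stamped at read:   %s\n", isExpired($atRead, $now) ? 'expired' : 'accepted');
printf("fixed at issuance: %s\n", isExpired($atIssue, $now) ? 'expired' : 'accepted');
```

When the expiry is derived at read time, the check no longer bounds the lifetime of an authorization code, so any limit on code age has to come from a timestamp stored at issuance.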