
fix(oauth): use spec-compliant invalid_request error code (remove stray space) #12327

Merged
kojiromike merged 1 commit into openemr:master from DucMinhNe:fix/oauth-invalid-request-typo
Jun 1, 2026

@DucMinhNe


Problem

Several OAuthServerException constructions pass the error code 'invalid _request' — with a stray space — instead of the spec value 'invalid_request'. That value is echoed verbatim to clients in the JSON error response's error field, so API consumers receive a non-standard OAuth2 error code:

{"error":"invalid _request","error_description":"Invalid registration token"}

Per RFC 6749 §5.2 the error code is invalid_request (no space).

Fix

Replace 'invalid _request' → 'invalid_request' at all four occurrences:

  • src/RestControllers/AuthorizationController.php — L496, L1458, L1484
  • src/RestControllers/Authorization/BearerTokenAuthorizationStrategy.php — L177 (same typo; included for completeness)

No behavioural change other than the corrected, spec-compliant error code.

Testing

Trigger any of the affected paths (e.g. an invalid dynamic-client-registration token, or a revoked refresh token) and confirm the JSON response now returns "error":"invalid_request" instead of "error":"invalid _request".

Fixes #12326
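An added example, not part of this pull request or of OpenEMR's code: a client-side check of an OAuth2 error body against RFC 6749 §5.2, run on the two response bodies quoted in the description. The names `check_error_response` and `extra_codes` are hypothetical, and the allow-list covers only the §5.2 token-endpoint codes, so extension codes must be passed in explicitly. Note that a space is inside the §5.2 character set, so only the comparison against the defined codes catches this typo.

```python
import json
import re

# Error codes defined for the token endpoint in RFC 6749 section 5.2.
RFC6749_TOKEN_ERRORS = frozenset({
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope",
})

# Section 5.2 character set for "error" and "error_description":
# %x20-21 / %x23-5B / %x5D-7E (printable ASCII without '"' and '\').
_ALLOWED_CHARS = re.compile(r"[\x20-\x21\x23-\x5B\x5D-\x7E]+")


def check_error_response(body, extra_codes=()):
    """Return a list of findings for a JSON OAuth2 error body (empty = OK)."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        return [f"body is not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["body is not a JSON object"]

    findings = []
    code = doc.get("error")
    if not isinstance(code, str) or not code:
        return ['missing or non-string "error" member']
    if not _ALLOWED_CHARS.fullmatch(code):
        findings.append(f"error {code!r} has characters outside the 5.2 set")
    allowed = RFC6749_TOKEN_ERRORS | set(extra_codes)
    if code not in allowed:
        findings.append(f"error {code!r} is not a defined error code")
    desc = doc.get("error_description")
    if desc is not None and (
        not isinstance(desc, str) or not _ALLOWED_CHARS.fullmatch(desc)
    ):
        findings.append("error_description violates the 5.2 character set")
    return findings


# Bodies taken from the PR description: before and after the fix.
BEFORE = '{"error":"invalid _request","error_description":"Invalid registration token"}'
AFTER = '{"error":"invalid_request","error_description":"Invalid registration token"}'

if __name__ == "__main__":
    for label, body in (("before", BEFORE), ("after", AFTER)):
        print(label, check_error_response(body) or "OK")
```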

…tray space)

`OAuthServerException` was constructed with the error code `'invalid _request'` (stray space), which is returned to clients verbatim in the JSON error response's `error` field. Per RFC 6749 §5.2 the OAuth2 error code is `invalid_request`. Replace all four occurrences in AuthorizationController.php and BearerTokenAuthorizationStrategy.php.

Fixes openemr#12326

Assisted-By: Claude
@codecov

codecov Bot commented May 30, 2026


Codecov Report

❌ Patch coverage is 25.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 23.81%. Comparing base (f3ae776) to head (ecfbbf0).
⚠️ Report is 1 commits behind head on master.
✅ All tests successful. No failed tests found.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/RestControllers/AuthorizationController.php | 0.00% | 3 Missing ⚠️ |
Additional details and impacted files
@@             Coverage Diff              @@
##             master   #12327      +/-   ##
============================================
- Coverage     25.80%   23.81%   -2.00%     
  Complexity    84014    84014              
============================================
  Files          3910     3910              
  Lines        417451   417202     -249     
============================================
- Hits         107707    99340    -8367     
- Misses       309744   317862    +8118     
| Flag | Coverage Δ |
|---|---|
| apache | 15.42% <25.00%> (-0.01%) ⬇️ |
| api | 3.73% <25.00%> (+<0.01%) ⬆️ |
| api-tests | 3.73% <25.00%> (+<0.01%) ⬆️ |
| e2e | 9.08% <0.00%> (+<0.01%) ⬆️ |
| e2e-tests | 9.08% <0.00%> (+<0.01%) ⬆️ |
| email | 0.18% <0.00%> (ø) |
| http | ? |
| inferno | ? |
| isolated-php8.2 | 7.55% <0.00%> (ø) |
| isolated-php8.3 | 7.55% <0.00%> (ø) |
| isolated-php8.4 | 7.55% <0.00%> (ø) |
| isolated-php8.5 | 7.55% <0.00%> (ø) |
| isolated-php8.6 | 7.55% <0.00%> (ø) |
| mariadb11.8.7 | 15.42% <25.00%> (-0.01%) ⬇️ |
| php8.2 | 15.42% <25.00%> (?) |
| php8.5 | ? |
| phpunit | ? |
| services | 5.13% <0.00%> (-0.01%) ⬇️ |


@kojiromike kojiromike merged commit 1974e2d into openemr:master Jun 1, 2026
83 of 86 checks passed

Development

Successfully merging this pull request may close these issues.

Typo in OAuthServerException error code: 'invalid _request' (stray space)
