From 63f329b104c36dcbe2ee2f2a5562c6422f36224b Mon Sep 17 00:00:00 2001
From: arekkas <aeneas@ory.am>
Date: Sun, 9 Jul 2017 17:00:10 +0200
Subject: [PATCH] handler/oauth2: update docs

---
 handler/oauth2/flow_authorize_code_token.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/handler/oauth2/flow_authorize_code_token.go b/handler/oauth2/flow_authorize_code_token.go
index b62826a34..274cb6930 100644
--- a/handler/oauth2/flow_authorize_code_token.go
+++ b/handler/oauth2/flow_authorize_code_token.go
@@ -31,7 +31,7 @@ func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.C
 	}
 
 	// The authorization server MUST verify that the authorization code is valid
-	// Validation happens
+	// This needs to happen after store retrieval for the session to be hydrated properly
 	if err := c.AuthorizeCodeStrategy.ValidateAuthorizeCode(ctx, request, code); err != nil {
 		return errors.Wrap(errors.WithStack(fosite.ErrInvalidRequest), err.Error())
 	}