diff --git a/lib/IOAuth2.php b/lib/IOAuth2.php
index b596916..15bbdea 100644
--- a/lib/IOAuth2.php
+++ b/lib/IOAuth2.php
@@ -125,7 +125,7 @@ public function grantAccessToken(?Request $request = null);
      *
      * @ingroup  oauth2_section_4
      */
-    public function finishClientAuthorization($isAuthorized, $data = null, Request $request = null, $scope = null);
+    public function finishClientAuthorization($isAuthorized, $data = null, ?Request $request = null, $scope = null);
 
     /**
      * Handle the creation of access token, also issue refresh token if support.
diff --git a/lib/OAuth2.php b/lib/OAuth2.php
index edfe928..ac615dd 100644
--- a/lib/OAuth2.php
+++ b/lib/OAuth2.php
@@ -1126,7 +1126,7 @@ protected function getRedirectUri($redirectUri, IOAuth2Client $client)
     /**
      * {@inheritdoc}
      */
-    public function finishClientAuthorization($isAuthorized, $data = null, Request $request = null, $scope = null)
+    public function finishClientAuthorization($isAuthorized, $data = null, ?Request $request = null, $scope = null)
     {
         // In theory, this could be POSTed by a 3rd-party (because we are not
         // internally enforcing NONCEs, etc)