From e960b60ef26682e4eb99cc978dcf5bfbc0194d3a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Marko=20Ivan=C4=8Di=C4=87?= Date: Wed, 24 Jun 2026 15:00:39 +0200 Subject: [PATCH] Add types to request rules --- .../PushedAuthorizationController.php | 2 - src/Server/AuthorizationServer.php | 6 --- src/Server/Grants/AuthCodeGrant.php | 16 +------- src/Server/Grants/ImplicitGrant.php | 13 +------ src/Server/Grants/PreAuthCodeGrant.php | 1 - .../Interfaces/RequestRuleInterface.php | 13 ++++++- .../Interfaces/ResultBagInterface.php | 39 ++++++++++++++++--- .../Interfaces/ResultInterface.php | 25 ------------ .../RequestRules/RequestRulesManager.php | 3 +- src/Server/RequestRules/Result.php | 24 +++++++----- src/Server/RequestRules/ResultBag.php | 38 ++++++++++-------- .../RequestRules/Rules/AbstractRule.php | 4 ++ .../RequestRules/Rules/AcrValuesRule.php | 6 ++- .../Rules/AddClaimsToIdTokenRule.php | 7 ++-- .../Rules/AuthorizationDetailsRule.php | 6 ++- .../Rules/ClientAuthenticationRule.php | 7 ++-- .../RequestRules/Rules/ClientIdRule.php | 5 ++- .../Rules/ClientRedirectUriRule.php | 6 ++- src/Server/RequestRules/Rules/ClientRule.php | 5 ++- .../Rules/CodeChallengeMethodRule.php | 8 ++-- .../RequestRules/Rules/CodeChallengeRule.php | 9 ++--- .../RequestRules/Rules/CodeVerifierRule.php | 7 ++-- .../RequestRules/Rules/IdTokenHintRule.php | 7 ++-- .../RequestRules/Rules/IssuerStateRule.php | 6 ++- src/Server/RequestRules/Rules/MaxAgeRule.php | 9 ++--- .../Rules/PostLogoutRedirectUriRule.php | 8 ++-- src/Server/RequestRules/Rules/PromptRule.php | 13 ++++--- .../RequestRules/Rules/RequestObjectRule.php | 9 ++--- .../RequestRules/Rules/RequestUriRule.php | 10 ++--- .../Rules/RequestedClaimsRule.php | 7 ++-- .../RequestRules/Rules/RequiredNonceRule.php | 8 ++-- .../Rules/RequiredOpenIdScopeRule.php | 9 ++--- .../RequestRules/Rules/ResponseModeRule.php | 13 ++++--- .../RequestRules/Rules/ResponseTypeRule.php | 10 +++-- .../Rules/ScopeOfflineAccessRule.php | 10 ++--- src/Server/RequestRules/Rules/ScopeRule.php | 8 ++-- 
src/Server/RequestRules/Rules/StateRule.php | 6 ++- .../RequestRules/Rules/UiLocalesRule.php | 6 ++- .../RequestRules/RequestRulesManagerTest.php | 4 +- .../src/Server/RequestRules/ResultBagTest.php | 8 ++++ .../src/Server/RequestRules/ResultTest.php | 11 ------ .../RequestRules/Rules/AcrValuesRuleTest.php | 3 +- .../Rules/ClientAuthenticationRuleTest.php | 7 ++-- .../RequestRules/Rules/ClientRuleTest.php | 4 +- .../Rules/CodeChallengeMethodRuleTest.php | 3 +- .../Rules/CodeChallengeRuleTest.php | 5 +-- .../Rules/RedirectUriRuleTest.php | 3 +- .../Rules/ScopeOfflineAccessRuleTest.php | 10 ++--- .../RequestRules/Rules/ScopeRuleTest.php | 3 +- .../RequestRules/Rules/StateRuleTest.php | 6 +-- 50 files changed, 232 insertions(+), 224 deletions(-) delete mode 100644 src/Server/RequestRules/Interfaces/ResultInterface.php diff --git a/src/Controllers/PushedAuthorizationController.php b/src/Controllers/PushedAuthorizationController.php index ac118136..70f8a32c 100644 --- a/src/Controllers/PushedAuthorizationController.php +++ b/src/Controllers/PushedAuthorizationController.php @@ -171,9 +171,7 @@ protected function resolveParametersToPersist( if ($requestObjectResult !== null) { // Request Object (JAR) was used. Per RFC 9126, all authorization request parameters must appear // as claims of the Request Object, so only use its (validated) payload. - /** @psalm-suppress MixedAssignment */ $parameters = $resultBag->getOrFail(RequestObjectRule::class)->getValue(); - $parameters = is_array($parameters) ? $parameters : []; /** @psalm-suppress MixedAssignment */ $clientIdClaim = $parameters[ParamsEnum::ClientId->value] ?? null; diff --git a/src/Server/AuthorizationServer.php b/src/Server/AuthorizationServer.php index 35ed30cb..40ae9029 100644 --- a/src/Server/AuthorizationServer.php +++ b/src/Server/AuthorizationServer.php 
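Review bot: In `resolveParametersToPersist`, dropping `$parameters = is_array($parameters) ? $parameters : [];` leaves the array shape of the Request Object payload guaranteed only by the PHPDoc template on `RequestObjectRule`, which no runtime check enforces. `Result::getValue()` still returns native `mixed`, and the surrounding `$requestObjectResult !== null` test covers the result object, not its value. Because this payload becomes the persisted PAR parameter set, I would keep a runtime check here: either restore the removed line or reject the request when the value is not an array. The binding declared in `RequestObjectRule` is not visible in this hunk, so this should be confirmed against that file; the method body continues outside the hunk.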
@@ -115,11 +115,8 @@ public function validateAuthorizationRequest(ServerRequestInterface $request): O ); // state and redirectUri is used here, so we can return HTTP redirect error in case of invalid response_type. - /** @var ?string $state */ $state = $resultBag->getOrFail(StateRule::class)->getValue(); - /** @var string $redirectUri */ $redirectUri = $resultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - /** @var \SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface $responseMode */ $responseMode = $resultBag->getOrFail(ResponseModeRule::class)->getValue(); foreach ($this->enabledGrantTypes as $grantType) { @@ -192,11 +189,8 @@ public function validateLogoutRequest(ServerRequestInterface $request): LogoutRe throw new BadRequest($reason); } - /** @var \SimpleSAML\OpenID\Core\IdToken|null $idTokenHint */ $idTokenHint = $resultBag->getOrFail(IdTokenHintRule::class)->getValue(); - /** @var string|null $postLogoutRedirectUri */ $postLogoutRedirectUri = $resultBag->getOrFail(PostLogoutRedirectUriRule::class)->getValue(); - /** @var string|null $state */ $state = $resultBag->getOrFail(StateRule::class)->getValue(); /** @var string|null $uiLocales */ $uiLocales = $resultBag->getOrFail(UiLocalesRule::class)->getValue(); diff --git a/src/Server/Grants/AuthCodeGrant.php b/src/Server/Grants/AuthCodeGrant.php index 99f76a9a..7279014c 100644 --- a/src/Server/Grants/AuthCodeGrant.php +++ b/src/Server/Grants/AuthCodeGrant.php 
@@ -525,12 +525,10 @@ public function respondToAccessTokenRequest( // it is predefined as the ClientRule result and authenticated against by ClientAuthenticationRule above. $client = $authorizationClientEntity; - /** @var ?ResolvedClientAuthenticationMethod $resolvedClientAuthenticationMethod */ $resolvedClientAuthenticationMethod = $authorizationClientEntity->isGeneric() ? null : $resultBag->getOrFail(ClientAuthenticationRule::class)->getValue(); - /** @var ?string $codeVerifier */ $codeVerifier = $resultBag->getOrFail(CodeVerifierRule::class)->getValue(); $utilizedClientAuthenticationParams = []; @@ -777,13 +775,9 @@ public function validateAuthorizationRequestWithRequestRules( // Since we have already validated redirect_uri, and we have state, make it available for other checkers. $this->requestRulesManager->predefineResultBag($resultBag); - /** @var string $redirectUri */ $redirectUri = $resultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - /** @var string|null $state */ $state = $resultBag->getOrFail(StateRule::class)->getValue(); - /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $resultBag->getOrFail(ClientRule::class)->getValue(); - /** @var \SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface $responseMode */ $responseMode = $resultBag->getOrFail(ResponseModeRule::class)->getValue(); $this->loggerService->debug('AuthCodeGrant: Resolved data:', [ @@ -805,7 +799,6 @@ public function validateAuthorizationRequestWithRequestRules( $this->loggerService->debug('AuthCodeGrant: executed rules.', ['rulesToExecute' => $rulesToExecute]); - /** @var \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes */ $scopes = $resultBag->getOrFail(ScopeRule::class)->getValue(); $this->loggerService->debug('AuthCodeGrant: Resolved scopes: ', ['scopes' => $scopes]); 
@@ -821,13 +814,11 @@ public function validateAuthorizationRequestWithRequestRules( $oAuth2AuthorizationRequest->setState($state); } - /** @var ?string $codeChallenge */ $codeChallenge = $resultBag->getOrFail(CodeChallengeRule::class)->getValue(); if ($codeChallenge) { $this->loggerService->debug('AuthCodeGrant: Code challenge: ', [ 'codeChallenge' => $codeChallenge, ]); - /** @var string $codeChallengeMethod */ $codeChallengeMethod = $resultBag->getOrFail(CodeChallengeMethodRule::class)->getValue(); $oAuth2AuthorizationRequest->setCodeChallenge($codeChallenge); @@ -879,7 +870,7 @@ public function validateAuthorizationRequestWithRequestRules( $maxAge = $resultBag->get(MaxAgeRule::class); $this->loggerService->debug('AuthCodeGrant: MaxAge: ', ['maxAge' => $maxAge]); if (null !== $maxAge) { - $authorizationRequest->setAuthTime((int) $maxAge->getValue()); + $authorizationRequest->setAuthTime($maxAge->getValue()); } $requestClaims = $resultBag->get(RequestedClaimsRule::class); @@ -892,7 +883,6 @@ public function validateAuthorizationRequestWithRequestRules( } } - /** @var array|null $acrValues */ $acrValues = $resultBag->getOrFail(AcrValuesRule::class)->getValue(); $this->loggerService->debug('AuthCodeGrant: ACR values: ', ['acrValues' => $acrValues]); $authorizationRequest->setRequestedAcrValues($acrValues); @@ -904,12 +894,10 @@ public function validateAuthorizationRequestWithRequestRules( $this->loggerService->debug('AuthCodeGrant: FlowType: ', ['flowType' => $flowType]); $authorizationRequest->setFlowType($flowType); - /** @var ?string $issuerState */ $issuerState = $resultBag->get(IssuerStateRule::class)?->getValue(); $this->loggerService->debug('AuthCodeGrant: Issuer state: ', ['issuerState' => $issuerState]); $authorizationRequest->setIssuerState($issuerState); - /** @var ?array $authorizationDetails */ $authorizationDetails = $resultBag->get(AuthorizationDetailsRule::class)?->getValue(); $this->loggerService->debug( 'AuthCodeGrant: Authorization details: ', 
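Review bot: `$authorizationRequest->setAuthTime($maxAge->getValue());` no longer casts, so the value reaches the setter with whatever runtime type `MaxAgeRule` stored. The `@extends AbstractRule<...>` binding only informs static analysis. If the rule keeps the raw request parameter as a string, this either throws a `TypeError` (under `strict_types`) or passes a differently typed value than before. The same applies in `ImplicitGrant::validateAuthorizationRequestWithRequestRules`, where the `(string)` cast on `setNonce(...)` and the `(int)` cast on `setAuthTime(...)` are removed. Please confirm that `MaxAgeRule` and `RequiredNonceRule` build their `Result` from an already converted `int` / `string`, and add a test that feeds the string form of `max_age` through the grant; otherwise keep `(int)` / `(string)` at these call sites.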
@@ -917,7 +905,6 @@ public function validateAuthorizationRequestWithRequestRules( ); $authorizationRequest->setAuthorizationDetails($authorizationDetails); - /** @var \SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface $responseMode */ $responseMode = $resultBag->getOrFail(ResponseModeRule::class)->getValue(); $this->loggerService->debug( 'AuthCodeGrant: Response mode: ', @@ -955,7 +942,6 @@ public function validateAuthorizationRequestWithRequestRules( ['genericClientId' => $client->getIdentifier()], ); // The generic client was used. Make sure to store actually used client_id and redirect_uri params. - /** @var string $clientIdParam */ $clientIdParam = $resultBag->getOrFail(ClientIdRule::class)->getValue(); $this->loggerService->debug( 'AuthCodeGrant: Binding client_id param to request: ', diff --git a/src/Server/Grants/ImplicitGrant.php b/src/Server/Grants/ImplicitGrant.php index 75fcf1c8..7d6f2901 100644 --- a/src/Server/Grants/ImplicitGrant.php +++ b/src/Server/Grants/ImplicitGrant.php @@ -137,13 +137,9 @@ public function validateAuthorizationRequestWithRequestRules( $this->requestRulesManager->predefineResultBag($resultBag); - /** @var string $redirectUri */ $redirectUri = $resultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - /** @var string|null $state */ $state = $resultBag->getOrFail(StateRule::class)->getValue(); - /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $resultBag->getOrFail(ClientRule::class)->getValue(); - /** @var \SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface $responseMode */ $responseMode = $resultBag->getOrFail(ResponseModeRule::class)->getValue(); // Some rules need certain things available in order to work properly... 
@@ -157,7 +153,6 @@ public function validateAuthorizationRequestWithRequestRules( $this->allowedAuthorizationHttpMethods, ); - /** @var \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes */ $scopes = $resultBag->getOrFail(ScopeRule::class)->getValue(); $authorizationRequest = new AuthorizationRequest(); @@ -170,11 +165,11 @@ public function validateAuthorizationRequestWithRequestRules( } // nonce existence is validated using a rule, so we can get it from there. - $authorizationRequest->setNonce((string)$resultBag->getOrFail(RequiredNonceRule::class)->getValue()); + $authorizationRequest->setNonce($resultBag->getOrFail(RequiredNonceRule::class)->getValue()); $maxAge = $resultBag->get(MaxAgeRule::class); if (null !== $maxAge) { - $authorizationRequest->setAuthTime((int) $maxAge->getValue()); + $authorizationRequest->setAuthTime($maxAge->getValue()); } $requestClaims = $resultBag->get(RequestedClaimsRule::class); @@ -185,19 +180,15 @@ public function validateAuthorizationRequestWithRequestRules( $authorizationRequest->setClaims($requestClaimValues); } } - /** @var bool $addClaimsToIdToken */ $addClaimsToIdToken = ($resultBag->getOrFail(AddClaimsToIdTokenRule::class))->getValue(); $authorizationRequest->setAddClaimsToIdToken($addClaimsToIdToken); - /** @var string $responseType */ $responseType = ($resultBag->getOrFail(ResponseTypeRule::class))->getValue(); $authorizationRequest->setResponseType($responseType); - /** @var array|null $acrValues */ $acrValues = $resultBag->getOrFail(AcrValuesRule::class)->getValue(); $authorizationRequest->setRequestedAcrValues($acrValues); - /** @var \SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface $responseMode */ $responseMode = $resultBag->getOrFail(ResponseModeRule::class)->getValue(); $authorizationRequest->setResponseMode($responseMode); diff --git a/src/Server/Grants/PreAuthCodeGrant.php b/src/Server/Grants/PreAuthCodeGrant.php index befc7b15..2a364e1b 100644 
--- a/src/Server/Grants/PreAuthCodeGrant.php +++ b/src/Server/Grants/PreAuthCodeGrant.php @@ -187,7 +187,6 @@ public function respondToAccessTokenRequest( $this->allowedTokenHttpMethods, ); - /** @var ?array $authorizationDetails */ $authorizationDetails = $resultBag->get(AuthorizationDetailsRule::class)?->getValue(); // Issue and persist new access token diff --git a/src/Server/RequestRules/Interfaces/RequestRuleInterface.php b/src/Server/RequestRules/Interfaces/RequestRuleInterface.php index 65a39950..646356d7 100644 --- a/src/Server/RequestRules/Interfaces/RequestRuleInterface.php +++ b/src/Server/RequestRules/Interfaces/RequestRuleInterface.php @@ -5,11 +5,19 @@ namespace SimpleSAML\Module\oidc\Server\RequestRules\Interfaces; use Psr\Http\Message\ServerRequestInterface; +use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; use SimpleSAML\Module\oidc\Services\LoggerService; use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; +/** + * The generic parameter T describes the type of value the rule yields into the result bag. It is + * bound by each concrete rule (via `@extends AbstractRule<...>`) and consumed by the ResultBag, + * which uses it to infer the value type when a result is fetched by its rule class-string. + * + * @template-covariant T + */ interface RequestRuleInterface { /** 
@@ -27,7 +35,8 @@ public function getKey(): string; * @param ResponseModeInterface $responseMode Response mode to use for error responses * @param HttpMethodsEnum[] $allowedServerRequestMethods Indicate allowed HTTP methods used for request * - * @return \SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface|null Result of the specific check + * @return \SimpleSAML\Module\oidc\Server\RequestRules\Result|null Result of the specific check + * (the concrete value type T is bound per rule and surfaced via the ResultBag accessors) * * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException If check fails */ @@ -38,5 +47,5 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface; + ): ?Result; } diff --git a/src/Server/RequestRules/Interfaces/ResultBagInterface.php b/src/Server/RequestRules/Interfaces/ResultBagInterface.php index a965de32..ec577aba 100644 --- a/src/Server/RequestRules/Interfaces/ResultBagInterface.php +++ b/src/Server/RequestRules/Interfaces/ResultBagInterface.php 
@@ -4,27 +4,56 @@ namespace SimpleSAML\Module\oidc\Server\RequestRules\Interfaces; +use SimpleSAML\Module\oidc\Server\RequestRules\Result; + interface ResultBagInterface { /** * Add result to the result bag. + * + * @param \SimpleSAML\Module\oidc\Server\RequestRules\Result $result */ - public function add(ResultInterface $result): void; + public function add(Result $result): void; /** * Get specific result or null if it doesn't exist. + * + * The value type is inferred from the rule class-string passed as the key. + * + * @template T + * @param class-string> $key + * @return \SimpleSAML\Module\oidc\Server\RequestRules\Result|null + */ + public function get(string $key): ?Result; + + /** + * Get specific result or fail if it doesn't exist. + * + * The value type is inferred from the rule class-string passed as the key. + * + * @template T + * @param class-string> $key + * @return \SimpleSAML\Module\oidc\Server\RequestRules\Result + * @throws \Throwable If result with specific key is not present. */ - public function get(string $key): ?ResultInterface; + public function getOrFail(string $key): Result; /** - * Get specific result or fail if it doesn't exits. + * Get the value of a specific result or fail if the result doesn't exist. + * + * Convenience accessor that skips the intermediate Result object. The value type is inferred + * from the rule class-string passed as the key. + * + * @template T + * @param class-string> $key + * @return T * @throws \Throwable If result with specific key is not present. */ - public function getOrFail(string $key): ResultInterface; + public function getValueOrFail(string $key): mixed; /** * Get all results. - * @return \SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface[] + * @return array> */ public function getAll(): array; diff --git a/src/Server/RequestRules/Interfaces/ResultInterface.php b/src/Server/RequestRules/Interfaces/ResultInterface.php deleted file mode 100644 index e061d477..00000000 
--- a/src/Server/RequestRules/Interfaces/ResultInterface.php +++ /dev/null @@ -1,25 +0,0 @@ -resultBag->add($result); } diff --git a/src/Server/RequestRules/Result.php b/src/Server/RequestRules/Result.php index 492ddf14..784581b1 100644 --- a/src/Server/RequestRules/Result.php +++ b/src/Server/RequestRules/Result.php @@ -4,13 +4,19 @@ namespace SimpleSAML\Module\oidc\Server\RequestRules; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; - -class Result implements ResultInterface +/** + * Result of a single request rule check. + * + * The generic parameter T describes the type of the contained value. Each rule binds it via + * its `@extends AbstractRule<...>` annotation, which in turn lets the ResultBag infer the value + * type when a result is fetched by its rule class-string. + * + * @template-covariant T + */ +class Result { /** - * Result constructor. - * @param mixed|null $value + * @param T $value */ public function __construct(protected string $key, protected mixed $value = null) { @@ -21,13 +27,11 @@ public function getKey(): string return $this->key; } + /** + * @return T + */ public function getValue(): mixed { return $this->value; } - - public function setValue(mixed $value): void - { - $this->value = $value; - } } diff --git a/src/Server/RequestRules/ResultBag.php b/src/Server/RequestRules/ResultBag.php index 466b4460..a45e15a9 100644 --- a/src/Server/RequestRules/ResultBag.php +++ b/src/Server/RequestRules/ResultBag.php 
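Review bot: With `setValue()` removed, `Result` is meant to be write-once, but the constructor still promotes plain `protected` properties on a non-final class, so a subclass can reassign `$this->value` after validation. The results carry validated request data (client, redirect URI, PKCE values), so it is worth letting the engine enforce this: `public function __construct(protected readonly string $key, protected readonly mixed $value = null)`. The class docblock could also state that a `Result` is immutable once a rule has produced it. This assumes no subclass elsewhere in the project writes to these properties, which cannot be seen from this hunk.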
@@ -6,39 +6,38 @@ use LogicException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use function sprintf; class ResultBag implements ResultBagInterface { /** - * @var \SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface[] $results + * @var array> $results */ protected array $results = []; - /** - * @param \SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface $result - */ - public function add(ResultInterface $result): void + public function add(Result $result): void { $this->results[$result->getKey()] = $result; } /** - * @param string $key - * @return \SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface|null + * @template T + * @param class-string<\SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\RequestRuleInterface> $key + * @return \SimpleSAML\Module\oidc\Server\RequestRules\Result|null */ - public function get(string $key): ?ResultInterface + public function get(string $key): ?Result { + /** @var \SimpleSAML\Module\oidc\Server\RequestRules\Result|null */ return $this->results[$key] ?? null; } /** - * @param string $key - * @return \SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface + * @template T + * @param class-string<\SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\RequestRuleInterface> $key + * @return \SimpleSAML\Module\oidc\Server\RequestRules\Result */ - public function getOrFail(string $key): ResultInterface + public function getOrFail(string $key): Result { $result = $this->get($key); 
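Review bot: In `ResultBag::get()` the inline `@var` on `return $this->results[$key] ?? null;` asserts the templated type rather than checking it. `add()` stores under whatever string `$result->getKey()` returns, so inferring the type from the rule class-string is sound only if every rule's key is its own class name. It also requires that results injected through `predefineResultBag()` (used by the grants) carry a value of the type that rule binds. I would state that invariant in the docblock, for example `Type is asserted, not verified: callers adding a Result under a rule's class name must supply a value of that rule's bound type.` Security-relevant consumers should keep their `instanceof` checks, as `ClientAuthenticationRule` and `ClientRedirectUriRule` still do. The body of `getOrFail()` continues outside this hunk.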
@@ -52,16 +51,23 @@ public function getOrFail(string $key): ResultInterface } /** - * @return \SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface[] + * @template T + * @param class-string<\SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\RequestRuleInterface> $key + * @return T */ - public function getAll(): array + public function getValueOrFail(string $key): mixed { - return $this->results; + return $this->getOrFail($key)->getValue(); } /** - * @param string $key + * @return array> */ + public function getAll(): array + { + return $this->results; + } + public function remove(string $key): void { unset($this->results[$key]); diff --git a/src/Server/RequestRules/Rules/AbstractRule.php b/src/Server/RequestRules/Rules/AbstractRule.php index 29dd7748..fe4eb48f 100644 --- a/src/Server/RequestRules/Rules/AbstractRule.php +++ b/src/Server/RequestRules/Rules/AbstractRule.php @@ -12,6 +12,10 @@ use SimpleSAML\OpenID\Codebooks\ParamsEnum; use SimpleSAML\OpenID\Codebooks\ScopesEnum; +/** + * @template T + * @implements RequestRuleInterface + */ abstract class AbstractRule implements RequestRuleInterface { public function __construct( diff --git a/src/Server/RequestRules/Rules/AcrValuesRule.php b/src/Server/RequestRules/Rules/AcrValuesRule.php index d971303b..85ed2413 100644 --- a/src/Server/RequestRules/Rules/AcrValuesRule.php +++ b/src/Server/RequestRules/Rules/AcrValuesRule.php @@ -6,7 +6,6 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; 
@@ -14,6 +13,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class AcrValuesRule extends AbstractRule { /** @@ -29,7 +31,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('AcrValuesRule::checkRule'); $acrValues = [ diff --git a/src/Server/RequestRules/Rules/AddClaimsToIdTokenRule.php b/src/Server/RequestRules/Rules/AddClaimsToIdTokenRule.php index e0ca70f1..5fd6473a 100644 --- a/src/Server/RequestRules/Rules/AddClaimsToIdTokenRule.php +++ b/src/Server/RequestRules/Rules/AddClaimsToIdTokenRule.php @@ -6,13 +6,15 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; use SimpleSAML\Module\oidc\Services\LoggerService; use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; +/** + * @extends AbstractRule + */ class AddClaimsToIdTokenRule extends AbstractRule { /** @@ -29,8 +31,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { - /** @var string $responseType */ + ): ?Result { $responseType = $currentResultBag->getOrFail(ResponseTypeRule::class)->getValue(); return new Result($this->getKey(), $responseType === "id_token"); diff --git a/src/Server/RequestRules/Rules/AuthorizationDetailsRule.php b/src/Server/RequestRules/Rules/AuthorizationDetailsRule.php index 4af36369..9603bba0 100644 
--- a/src/Server/RequestRules/Rules/AuthorizationDetailsRule.php +++ b/src/Server/RequestRules/Rules/AuthorizationDetailsRule.php @@ -9,7 +9,6 @@ use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -18,6 +17,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class AuthorizationDetailsRule extends AbstractRule { public function __construct( @@ -41,7 +43,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('AuthorizationDetailsRule::checkRule.'); $authorizationDetailsParam = $this->requestParamsResolver->getAsStringBasedOnAllowedMethods( diff --git a/src/Server/RequestRules/Rules/ClientAuthenticationRule.php b/src/Server/RequestRules/Rules/ClientAuthenticationRule.php index 86861272..c3da1821 100644 --- a/src/Server/RequestRules/Rules/ClientAuthenticationRule.php +++ b/src/Server/RequestRules/Rules/ClientAuthenticationRule.php @@ -9,7 +9,6 @@ use SimpleSAML\Module\oidc\Helpers; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; 
@@ -19,6 +18,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule<\SimpleSAML\Module\oidc\ValueAbstracts\ResolvedClientAuthenticationMethod> + */ class ClientAuthenticationRule extends AbstractRule { public function __construct( @@ -43,7 +45,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('ClientAuthenticationRule::checkRule'); @@ -53,7 +55,6 @@ public function checkRule( // private_key_jwt via the assertion issuer, client_secret_basic via the Authorization header). When no client // is pre-fetched, the resolver derives and authenticates the client purely from the presented authentication // material, and cross-checks any client_id it does find against that material. - /** @var ?\SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $preFetchedClient */ $preFetchedClient = $currentResultBag->get(ClientRule::class)?->getValue(); if (!$preFetchedClient instanceof ClientEntityInterface) { diff --git a/src/Server/RequestRules/Rules/ClientIdRule.php b/src/Server/RequestRules/Rules/ClientIdRule.php index 0a2e80bc..3ccda9f9 100644 --- a/src/Server/RequestRules/Rules/ClientIdRule.php +++ b/src/Server/RequestRules/Rules/ClientIdRule.php @@ -7,7 +7,6 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; 
@@ -17,6 +16,8 @@ /** * Resolve a client instance based on a client_id or request object. + * + * @extends AbstractRule */ class ClientIdRule extends AbstractRule { @@ -46,7 +47,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('ClientIdRule::checkRule'); /** @var ?string $clientId */ diff --git a/src/Server/RequestRules/Rules/ClientRedirectUriRule.php b/src/Server/RequestRules/Rules/ClientRedirectUriRule.php index d4aa11f1..86c47bc1 100644 --- a/src/Server/RequestRules/Rules/ClientRedirectUriRule.php +++ b/src/Server/RequestRules/Rules/ClientRedirectUriRule.php @@ -11,7 +11,6 @@ use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -20,6 +19,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class ClientRedirectUriRule extends AbstractRule { public function __construct( @@ -45,7 +47,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('RedirectUriRule::checkRule'); $client = $currentResultBag->getOrFail(ClientRule::class)->getValue(); if (! $client instanceof ClientEntityInterface) { diff --git a/src/Server/RequestRules/Rules/ClientRule.php b/src/Server/RequestRules/Rules/ClientRule.php index aef34bb6..8f3e94ed 100644 
--- a/src/Server/RequestRules/Rules/ClientRule.php +++ b/src/Server/RequestRules/Rules/ClientRule.php @@ -15,7 +15,6 @@ use SimpleSAML\Module\oidc\Repositories\ClientRepository; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -34,6 +33,8 @@ /** * Resolve a client instance based on a client_id or request object. + * + * @extends AbstractRule<\SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface> */ class ClientRule extends AbstractRule { @@ -80,7 +81,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('ClientRule::checkRule.'); /** @var ?string $clientId */ diff --git a/src/Server/RequestRules/Rules/CodeChallengeMethodRule.php b/src/Server/RequestRules/Rules/CodeChallengeMethodRule.php index f0e46c42..32d4687b 100644 --- a/src/Server/RequestRules/Rules/CodeChallengeMethodRule.php +++ b/src/Server/RequestRules/Rules/CodeChallengeMethodRule.php @@ -9,7 +9,6 @@ use SimpleSAML\Module\oidc\Repositories\CodeChallengeVerifiersRepository; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; 
@@ -18,6 +17,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class CodeChallengeMethodRule extends AbstractRule { public function __construct( @@ -42,12 +44,10 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('CodeChallengeMethodRule::checkRule'); - /** @var string $redirectUri */ $redirectUri = $currentResultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - /** @var string|null $state */ $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); $codeChallengeMethod = $this->requestParamsResolver->getAsStringBasedOnAllowedMethods( diff --git a/src/Server/RequestRules/Rules/CodeChallengeRule.php b/src/Server/RequestRules/Rules/CodeChallengeRule.php index b55d79d6..d659be86 100644 --- a/src/Server/RequestRules/Rules/CodeChallengeRule.php +++ b/src/Server/RequestRules/Rules/CodeChallengeRule.php @@ -7,7 +7,6 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -15,6 +14,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class CodeChallengeRule extends AbstractRule { /** 
@@ -32,14 +34,11 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('CodeChallengeRule::checkRule'); - /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $currentResultBag->getOrFail(ClientRule::class)->getValue(); - /** @var string $redirectUri */ $redirectUri = $currentResultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - /** @var string|null $state */ $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); $codeChallenge = $this->requestParamsResolver->getAsStringBasedOnAllowedMethods( diff --git a/src/Server/RequestRules/Rules/CodeVerifierRule.php b/src/Server/RequestRules/Rules/CodeVerifierRule.php index d4bcc04a..b4ab9ff2 100644 --- a/src/Server/RequestRules/Rules/CodeVerifierRule.php +++ b/src/Server/RequestRules/Rules/CodeVerifierRule.php @@ -7,7 +7,6 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -15,6 +14,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class CodeVerifierRule extends AbstractRule { /** 
@@ -30,8 +32,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { - /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ + ): ?Result { $client = $currentResultBag->getOrFail(ClientRule::class)->getValue(); $codeVerifier = $this->requestParamsResolver->getFromRequestBasedOnAllowedMethods( diff --git a/src/Server/RequestRules/Rules/IdTokenHintRule.php b/src/Server/RequestRules/Rules/IdTokenHintRule.php index dc481b22..744b1218 100644 --- a/src/Server/RequestRules/Rules/IdTokenHintRule.php +++ b/src/Server/RequestRules/Rules/IdTokenHintRule.php @@ -9,7 +9,6 @@ use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -20,6 +19,9 @@ use SimpleSAML\OpenID\Core; use SimpleSAML\OpenID\Jwks; +/** + * @extends AbstractRule<\SimpleSAML\OpenID\Core\IdToken|null> + */ class IdTokenHintRule extends AbstractRule { public function __construct( @@ -47,8 +49,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { - /** @var string|null $state */ + ): ?Result { $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); $idTokenHintParam = $this->requestParamsResolver->getAsStringBasedOnAllowedMethods( diff --git a/src/Server/RequestRules/Rules/IssuerStateRule.php b/src/Server/RequestRules/Rules/IssuerStateRule.php index 962e94e9..0a1174ce 100644 
--- a/src/Server/RequestRules/Rules/IssuerStateRule.php +++ b/src/Server/RequestRules/Rules/IssuerStateRule.php @@ -6,7 +6,6 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -14,6 +13,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class IssuerStateRule extends AbstractRule { /** @@ -29,7 +31,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $issuerState = $this->requestParamsResolver->getAsStringBasedOnAllowedMethods( ParamsEnum::IssuerState->value, $request, diff --git a/src/Server/RequestRules/Rules/MaxAgeRule.php b/src/Server/RequestRules/Rules/MaxAgeRule.php index 1b02c085..ded4849f 100644 --- a/src/Server/RequestRules/Rules/MaxAgeRule.php +++ b/src/Server/RequestRules/Rules/MaxAgeRule.php @@ -10,7 +10,6 @@ use SimpleSAML\Module\oidc\Helpers; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -20,6 +19,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class MaxAgeRule extends AbstractRule { public function __construct( 
@@ -50,7 +52,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('MaxAgeRule::checkRule'); $requestParams = $this->requestParamsResolver->getAllBasedOnAllowedMethods( @@ -58,7 +60,6 @@ public function checkRule( $allowedServerRequestMethods, ); - /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $currentResultBag->getOrFail(ClientRule::class)->getValue(); $authSimple = $this->authSimpleFactory->build($client); @@ -67,9 +68,7 @@ public function checkRule( return null; } - /** @var string $redirectUri */ $redirectUri = $currentResultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - /** @var ?string $state */ $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); if ( diff --git a/src/Server/RequestRules/Rules/PostLogoutRedirectUriRule.php b/src/Server/RequestRules/Rules/PostLogoutRedirectUriRule.php index f5be3eb3..5c6886a3 100644 --- a/src/Server/RequestRules/Rules/PostLogoutRedirectUriRule.php +++ b/src/Server/RequestRules/Rules/PostLogoutRedirectUriRule.php @@ -9,7 +9,6 @@ use SimpleSAML\Module\oidc\Repositories\ClientRepository; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -18,6 +17,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class PostLogoutRedirectUriRule extends AbstractRule { public function __construct( 
@@ -43,11 +45,9 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { - /** @var string|null $state */ + ): ?Result { $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); - /** @var \SimpleSAML\OpenID\Core\IdToken|null $idTokenHint */ $idTokenHint = $currentResultBag->getOrFail(IdTokenHintRule::class)->getValue(); $postLogoutRedirectUri = $this->requestParamsResolver->getAsStringBasedOnAllowedMethods( diff --git a/src/Server/RequestRules/Rules/PromptRule.php b/src/Server/RequestRules/Rules/PromptRule.php index 9b708ab3..3b4cbee2 100644 --- a/src/Server/RequestRules/Rules/PromptRule.php +++ b/src/Server/RequestRules/Rules/PromptRule.php @@ -11,7 +11,7 @@ use SimpleSAML\Module\oidc\Helpers; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; +use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; use SimpleSAML\Module\oidc\Services\AuthenticationService; @@ -20,6 +20,12 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * This rule never yields a value into the result bag (it only performs validation / side effects), + * so its value type is `never`. + * + * @extends AbstractRule + */ class PromptRule extends AbstractRule { public function __construct( 
@@ -51,10 +57,9 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('PromptRule::checkRule'); - /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $currentResultBag->getOrFail(ClientRule::class)->getValue(); $authSimple = $this->authSimpleFactory->build($client); @@ -72,9 +77,7 @@ public function checkRule( if (count($prompt) > 1 && in_array('none', $prompt, true)) { throw OAuthServerException::invalidRequest(ParamsEnum::Prompt->value, 'Invalid prompt parameter'); } - /** @var string $redirectUri */ $redirectUri = $currentResultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - /** @var ?string $state */ $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); if (in_array('none', $prompt, true) && !$authSimple->isAuthenticated()) { diff --git a/src/Server/RequestRules/Rules/RequestObjectRule.php b/src/Server/RequestRules/Rules/RequestObjectRule.php index c07372ee..e4c2e96f 100644 --- a/src/Server/RequestRules/Rules/RequestObjectRule.php +++ b/src/Server/RequestRules/Rules/RequestObjectRule.php @@ -10,7 +10,6 @@ use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -22,6 +21,9 @@ use SimpleSAML\OpenID\Core\RequestObject as ConnectRequestObject; use SimpleSAML\OpenID\Jar\RequestObject as JarRequestObject; +/** + * @extends AbstractRule + */ class RequestObjectRule extends AbstractRule { public function __construct( 
@@ -47,7 +49,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('RequestObjectRule::checkRule'); // A Request Object can be passed by value (request param) or by reference (https request_uri param). @@ -66,11 +68,8 @@ public function checkRule( return null; } - /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $currentResultBag->getOrFail(ClientRule::class)->getValue(); - /** @var string $redirectUri */ $redirectUri = $currentResultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - /** @var ?string $stateValue */ $stateValue = ($currentResultBag->get(StateRule::class))?->getValue(); // Parse it using all available Request Object flavors, so we can differentiate between OpenID Connect diff --git a/src/Server/RequestRules/Rules/RequestUriRule.php b/src/Server/RequestRules/Rules/RequestUriRule.php index a30ef44e..1023d73a 100644 --- a/src/Server/RequestRules/Rules/RequestUriRule.php +++ b/src/Server/RequestRules/Rules/RequestUriRule.php @@ -21,7 +21,6 @@ use SimpleSAML\Module\oidc\Repositories\PushedAuthorizationRequestRepository; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -46,6 +45,8 @@ * * @see \SimpleSAML\Module\oidc\Utils\RequestParamsResolver * @see \SimpleSAML\Module\oidc\Server\RequestRules\Rules\RequestObjectRule + * + * @extends AbstractRule */ class RequestUriRule extends AbstractRule { 
@@ -72,7 +73,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('RequestUriRule::checkRule'); // Note: we are intentionally working with raw request params here @@ -84,7 +85,6 @@ public function checkRule( $allowedServerRequestMethods, ); - /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $currentResultBag->getOrFail(ClientRule::class)->getValue(); $isParRequired = $this->moduleConfig->getRequirePushedAuthorizationRequests() || @@ -160,7 +160,7 @@ protected function checkPushedAuthorizationRequestUri( string $clientIdParam, ClientEntityInterface $client, LoggerService $loggerService, - ): ResultInterface { + ): Result { $parEntity = $this->pushedAuthorizationRequestRepository->find($requestUri); if ($parEntity === null) { @@ -226,7 +226,7 @@ protected function checkHttpsRequestUri( ServerRequestInterface $request, bool $isParRequired, array $allowedServerRequestMethods, - ): ResultInterface { + ): Result { if ($isParRequired) { throw OidcServerException::invalidRequest( ParamsEnum::RequestUri->value, diff --git a/src/Server/RequestRules/Rules/RequestedClaimsRule.php b/src/Server/RequestRules/Rules/RequestedClaimsRule.php index 18388d64..39a2d8f9 100644 --- a/src/Server/RequestRules/Rules/RequestedClaimsRule.php +++ b/src/Server/RequestRules/Rules/RequestedClaimsRule.php @@ -7,7 +7,6 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Helpers; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; 
@@ -17,6 +16,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class RequestedClaimsRule extends AbstractRule { public function __construct( @@ -41,7 +43,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('RequestedClaimsRule::checkRule'); /** @psalm-suppress MixedAssignment We'll check the type. */ @@ -62,7 +64,6 @@ public function checkRule( if (is_null($claims)) { return null; } - /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $currentResultBag->getOrFail(ClientRule::class)->getValue(); $authorizedClaims = []; diff --git a/src/Server/RequestRules/Rules/RequiredNonceRule.php b/src/Server/RequestRules/Rules/RequiredNonceRule.php index 1839ca9c..2b216aed 100644 --- a/src/Server/RequestRules/Rules/RequiredNonceRule.php +++ b/src/Server/RequestRules/Rules/RequiredNonceRule.php @@ -7,7 +7,6 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -15,6 +14,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class RequiredNonceRule extends AbstractRule { /** 
@@ -32,10 +34,8 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { - /** @var string $redirectUri */ + ): ?Result { $redirectUri = $currentResultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - /** @var string|null $state */ $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); $nonce = $this->requestParamsResolver->getAsStringBasedOnAllowedMethods( diff --git a/src/Server/RequestRules/Rules/RequiredOpenIdScopeRule.php b/src/Server/RequestRules/Rules/RequiredOpenIdScopeRule.php index 53b62375..ea003ba6 100644 --- a/src/Server/RequestRules/Rules/RequiredOpenIdScopeRule.php +++ b/src/Server/RequestRules/Rules/RequiredOpenIdScopeRule.php @@ -7,13 +7,15 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; use SimpleSAML\Module\oidc\Services\LoggerService; use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; +/** + * @extends AbstractRule + */ class RequiredOpenIdScopeRule extends AbstractRule { /** 
@@ -31,14 +33,11 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('RequiredOpenIdScopeRule::checkRule.'); - /** @var string $redirectUri */ $redirectUri = $currentResultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - /** @var string|null $state */ $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); - /** @var \League\OAuth2\Server\Entities\ScopeEntityInterface[] $validScopes */ $validScopes = $currentResultBag->getOrFail(ScopeRule::class)->getValue(); $isOpenIdScopePresent = (bool) array_filter( diff --git a/src/Server/RequestRules/Rules/ResponseModeRule.php b/src/Server/RequestRules/Rules/ResponseModeRule.php index a4175cbf..f8c87a71 100644 --- a/src/Server/RequestRules/Rules/ResponseModeRule.php +++ b/src/Server/RequestRules/Rules/ResponseModeRule.php @@ -9,7 +9,6 @@ use SimpleSAML\Module\oidc\ModuleConfig; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\FormPostResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\FragmentResponseMode; @@ -21,6 +20,9 @@ use SimpleSAML\OpenID\Codebooks\ParamsEnum; use SimpleSAML\OpenID\Codebooks\ResponseModesEnum; +/** + * @extends AbstractRule<\SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface> + */ class ResponseModeRule extends AbstractRule { public function __construct( 
@@ -48,7 +50,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $requestParams = $this->requestParamsResolver->getAllBasedOnAllowedMethods( $request, $allowedServerRequestMethods, @@ -93,10 +95,11 @@ public function checkRule( } // Validate whether response_mode is allowed by client configuration - /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $currentResultBag->getOrFail(ClientRule::class)->getValue(); - $currentResultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - $currentResultBag->getOrFail(StateRule::class)->getValue(); + // Ensure these prerequisite rules have run (getOrFail throws if their results are absent); their + // values are not needed here, only their presence. + $currentResultBag->getOrFail(ClientRedirectUriRule::class); + $currentResultBag->getOrFail(StateRule::class); $allowedResponseModes = $client->getAllowedResponseModes(); if (!in_array($responseModeValue, $allowedResponseModes, true)) { diff --git a/src/Server/RequestRules/Rules/ResponseTypeRule.php b/src/Server/RequestRules/Rules/ResponseTypeRule.php index 650faef5..cdf53487 100644 --- a/src/Server/RequestRules/Rules/ResponseTypeRule.php +++ b/src/Server/RequestRules/Rules/ResponseTypeRule.php @@ -7,7 +7,6 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; 
@@ -15,6 +14,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class ResponseTypeRule extends AbstractRule { /** @@ -30,7 +32,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $requestParams = $this->requestParamsResolver->getAllBasedOnAllowedMethods( $request, $allowedServerRequestMethods, @@ -53,6 +55,8 @@ public function checkRule( // TODO: Also, we currently don't store allowed response types per client, so nothing to validate in that // sense either. This should be fixed in the future, for example in DCR implementation. - return new Result($this->getKey(), $requestParams[ParamsEnum::ResponseType->value]); + $responseType = (string)$requestParams[ParamsEnum::ResponseType->value]; + + return new Result($this->getKey(), $responseType); } } diff --git a/src/Server/RequestRules/Rules/ScopeOfflineAccessRule.php b/src/Server/RequestRules/Rules/ScopeOfflineAccessRule.php index fd41cdfe..ab8e31b4 100644 --- a/src/Server/RequestRules/Rules/ScopeOfflineAccessRule.php +++ b/src/Server/RequestRules/Rules/ScopeOfflineAccessRule.php @@ -7,13 +7,15 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; use SimpleSAML\Module\oidc\Services\LoggerService; use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; +/** + * @extends AbstractRule + */ class ScopeOfflineAccessRule extends AbstractRule { /** 
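Review bot: In the last hunk of ResponseTypeRule::checkRule, `(string)$requestParams[ParamsEnum::ResponseType->value]` coerces a request-supplied value instead of validating it. A non-scalar `response_type` would become the literal string `Array` with a conversion warning rather than producing an `invalid_request` error. The checks that run between the two hunks of this method are not visible here, so this case may already be excluded. If it is not, I would assign the raw value to `$responseType` and reject it before use: `if (!is_string($responseType)) { throw OidcServerException::invalidRequest(ParamsEnum::ResponseType->value, 'response_type must be a string'); }`. The stored `Result` value is then a string because it was validated, not because it was cast.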
@@ -30,16 +32,12 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('ScopeOfflineAccessRule::checkRule'); - /** @var string $redirectUri */ $redirectUri = $currentResultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - /** @var string|null $state */ $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); - /** @var \SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface $client */ $client = $currentResultBag->getOrFail(ClientRule::class)->getValue(); - /** @var \League\OAuth2\Server\Entities\ScopeEntityInterface[] $validScopes */ $validScopes = $currentResultBag->getOrFail(ScopeRule::class)->getValue(); // Check if offline_access scope is used. If not, we don't have to check anything else. diff --git a/src/Server/RequestRules/Rules/ScopeRule.php b/src/Server/RequestRules/Rules/ScopeRule.php index 3bdb9723..7dc16f2f 100644 --- a/src/Server/RequestRules/Rules/ScopeRule.php +++ b/src/Server/RequestRules/Rules/ScopeRule.php @@ -10,7 +10,6 @@ use SimpleSAML\Module\oidc\Helpers; use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -19,6 +18,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule<\League\OAuth2\Server\Entities\ScopeEntityInterface[]> + */ class ScopeRule extends AbstractRule { public function __construct( 
@@ -44,12 +46,10 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('ScopeRule::checkRule.'); - /** @var string $redirectUri */ $redirectUri = $currentResultBag->getOrFail(ClientRedirectUriRule::class)->getValue(); - /** @var string|null $state */ $state = $currentResultBag->getOrFail(StateRule::class)->getValue(); /** @var string $defaultScope */ $defaultScope = $data['default_scope'] ?? ''; diff --git a/src/Server/RequestRules/Rules/StateRule.php b/src/Server/RequestRules/Rules/StateRule.php index 8f337281..b7475620 100644 --- a/src/Server/RequestRules/Rules/StateRule.php +++ b/src/Server/RequestRules/Rules/StateRule.php @@ -6,7 +6,6 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -14,6 +13,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class StateRule extends AbstractRule { /** @@ -29,7 +31,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { $loggerService->debug('StateRule::checkRule'); $state = $this->requestParamsResolver->getAsStringBasedOnAllowedMethods( diff --git a/src/Server/RequestRules/Rules/UiLocalesRule.php b/src/Server/RequestRules/Rules/UiLocalesRule.php index 4561da7b..47aff0f7 100644 --- a/src/Server/RequestRules/Rules/UiLocalesRule.php 
+++ b/src/Server/RequestRules/Rules/UiLocalesRule.php @@ -6,7 +6,6 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\QueryResponseMode; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; @@ -14,6 +13,9 @@ use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum; use SimpleSAML\OpenID\Codebooks\ParamsEnum; +/** + * @extends AbstractRule + */ class UiLocalesRule extends AbstractRule { /** @@ -29,7 +31,7 @@ public function checkRule( array $data = [], ResponseModeInterface $responseMode = new QueryResponseMode(), array $allowedServerRequestMethods = [HttpMethodsEnum::GET], - ): ?ResultInterface { + ): ?Result { return new Result($this->getKey(), $this->requestParamsResolver->getBasedOnAllowedMethods( ParamsEnum::UiLocales->value, $request, diff --git a/tests/unit/src/Server/RequestRules/RequestRulesManagerTest.php b/tests/unit/src/Server/RequestRules/RequestRulesManagerTest.php index 2efabc97..a1fbdbca 100644 --- a/tests/unit/src/Server/RequestRules/RequestRulesManagerTest.php +++ b/tests/unit/src/Server/RequestRules/RequestRulesManagerTest.php @@ -10,8 +10,8 @@ use Psr\Http\Message\ServerRequestInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\RequestRuleInterface; use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface; -use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface; use SimpleSAML\Module\oidc\Server\RequestRules\RequestRulesManager; +use SimpleSAML\Module\oidc\Server\RequestRules\Result; use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface; use SimpleSAML\Module\oidc\Services\LoggerService; 
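Review bot: UiLocalesRule::checkRule still passes the result of `getBasedOnAllowedMethods(...)` straight into `new Result(...)`, while StateRule and IssuerStateRule in this patch read their parameter with `getAsStringBasedOnAllowedMethods(...)`. The return type of `getBasedOnAllowedMethods` is not shown here. If it is wider than string-or-null, the type of the stored `ui_locales` value is controlled by the request, and the `@extends AbstractRule` annotation added on the class describes it to static analysis only. Switching the call to `getAsStringBasedOnAllowedMethods(` would make the runtime value match the declared one. The call's argument list continues past the end of the hunk.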
@@ -32,7 +32,7 @@ class RequestRulesManagerTest extends TestCase
 */
 public function setUp(): void
 {
- $this->resultStub = $this->createStub(ResultInterface::class);
+ $this->resultStub = $this->createStub(Result::class);
 $this->resultStub->method('getKey')->willReturn($this->key);
 $this->resultStub->method('getValue')->willReturn($this->value);
diff --git a/tests/unit/src/Server/RequestRules/ResultBagTest.php b/tests/unit/src/Server/RequestRules/ResultBagTest.php
index 1c4ccca0..171c6bfa 100644
--- a/tests/unit/src/Server/RequestRules/ResultBagTest.php
+++ b/tests/unit/src/Server/RequestRules/ResultBagTest.php
@@ -50,6 +50,14 @@ public function testGetOrFail(): void
 $this->resultBag->getOrFail('non-existent');
 }
+ public function testGetValueOrFail(): void
+ {
+ $this->resultBag->add($this->result);
+ $this->assertSame($this->value, $this->resultBag->getValueOrFail($this->key));
+ $this->expectException(LogicException::class);
+ $this->resultBag->getValueOrFail('non-existent');
+ }
+
 public function testGet(): void
 {
 $this->assertNull($this->resultBag->get($this->key));
diff --git a/tests/unit/src/Server/RequestRules/ResultTest.php b/tests/unit/src/Server/RequestRules/ResultTest.php
index 4c2dc598..0609e06b 100644
--- a/tests/unit/src/Server/RequestRules/ResultTest.php
+++ b/tests/unit/src/Server/RequestRules/ResultTest.php
@@ -43,15 +43,4 @@ public function testGetValue(Result $result): void
 {
 $this->assertSame($this->value, $result->getValue());
 }
-
- /**
- * @depends testConstruct
- */
- public function testSetValue(Result $result): void
- {
- $newValue = 'new-value';
- $result->setValue($newValue);
-
- $this->assertSame($newValue, $result->getValue());
- }
 }
diff --git a/tests/unit/src/Server/RequestRules/Rules/AcrValuesRuleTest.php b/tests/unit/src/Server/RequestRules/Rules/AcrValuesRuleTest.php
index 8a147402..b45de1d4 100644
--- a/tests/unit/src/Server/RequestRules/Rules/AcrValuesRuleTest.php
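Review bot: `$this->createStub(Result::class)` in setUp() now doubles a concrete value class rather than an interface, which ties the test to `Result` remaining non-final and stubbable; the same pattern is introduced in AcrValuesRuleTest and ScopeOfflineAccessRuleTest. Because the stub only returns a fixed key and value, a real instance is simpler and exercises the actual class: `$this->resultStub = new Result($this->key, $this->value);`. The constructor shape is inferred from `new Result($this->getKey(), …)` in the rule hunks and should be checked against Result.php, and the property's declared type, which is outside this hunk, may need adjusting.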
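Review bot: testGetValueOrFail() covers a present key and a missing key but not a result that exists with a `null` value, which is a legitimate outcome for rules such as StateRule (StateRuleTest asserts `null` for the POST case). A case that adds `new Result($this->key, null)` and pins whether `getValueOrFail()` returns `null` or throws `LogicException` would document the contract callers depend on when they skip their own null check. Splitting the success path and the exception path into two test methods would also make a failure point at one behaviour.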
+++ b/tests/unit/src/Server/RequestRules/Rules/AcrValuesRuleTest.php
@@ -9,7 +9,6 @@
 use Psr\Http\Message\ServerRequestInterface;
 use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface;
-use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface;
 use SimpleSAML\Module\oidc\Server\RequestRules\Result;
 use SimpleSAML\Module\oidc\Server\RequestRules\Rules\AcrValuesRule;
 use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface;
@@ -36,7 +35,7 @@ protected function setUp(): void
 {
 $this->requestStub = $this->createStub(ServerRequestInterface::class);
 $this->resultBagStub = $this->createStub(ResultBagInterface::class);
- $this->resultStub = $this->createStub(ResultInterface::class);
+ $this->resultStub = $this->createStub(Result::class);
 $this->loggerServiceStub = $this->createStub(LoggerService::class);
 $this->requestParamsResolverStub = $this->createStub(RequestParamsResolver::class);
 $this->responseModeStub = $this->createStub(ResponseModeInterface::class);
diff --git a/tests/unit/src/Server/RequestRules/Rules/ClientAuthenticationRuleTest.php b/tests/unit/src/Server/RequestRules/Rules/ClientAuthenticationRuleTest.php
index 6bf5d810..5cfe96d5 100644
--- a/tests/unit/src/Server/RequestRules/Rules/ClientAuthenticationRuleTest.php
+++ b/tests/unit/src/Server/RequestRules/Rules/ClientAuthenticationRuleTest.php
@@ -11,7 +11,6 @@
 use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface;
 use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
-use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface;
 use SimpleSAML\Module\oidc\Server\RequestRules\Result;
 use SimpleSAML\Module\oidc\Server\RequestRules\ResultBag;
 use SimpleSAML\Module\oidc\Server\RequestRules\Rules\ClientAuthenticationRule;
@@ -99,7 +98,7 @@ public function testUsesPreFetchedClientFromResultBag(): void
 $this->responseModeStub,
 );
- $this->assertInstanceOf(ResultInterface::class, $result);
+ $this->assertInstanceOf(Result::class, $result);
 $this->assertSame($resolved, $result->getValue());
 }
@@ -136,7 +135,7 @@ public function testFallsBackToClientIdParameterWhenPresent(): void
 $this->responseModeStub,
 );
- $this->assertInstanceOf(ResultInterface::class, $result);
+ $this->assertInstanceOf(Result::class, $result);
 $this->assertSame($resolved, $result->getValue());
 }
@@ -175,7 +174,7 @@ public function testDoesNotRequireClientIdParameter(): void
 $this->responseModeStub,
 );
- $this->assertInstanceOf(ResultInterface::class, $result);
+ $this->assertInstanceOf(Result::class, $result);
 $this->assertSame($resolved, $result->getValue());
 }
diff --git a/tests/unit/src/Server/RequestRules/Rules/ClientRuleTest.php b/tests/unit/src/Server/RequestRules/Rules/ClientRuleTest.php
index 191c982a..b356e43d 100644
--- a/tests/unit/src/Server/RequestRules/Rules/ClientRuleTest.php
+++ b/tests/unit/src/Server/RequestRules/Rules/ClientRuleTest.php
@@ -14,7 +14,7 @@
 use SimpleSAML\Module\oidc\Repositories\ClientRepository;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface;
-use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface;
+use SimpleSAML\Module\oidc\Server\RequestRules\Result;
 use SimpleSAML\Module\oidc\Server\RequestRules\Rules\ClientRule;
 use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface;
 use SimpleSAML\Module\oidc\Services\LoggerService;
@@ -129,7 +129,7 @@ public function testCheckRuleForValidClientId(): void
 [],
 $this->responseModeStub,
 );
- $this->assertInstanceOf(ResultInterface::class, $result);
+ $this->assertInstanceOf(Result::class, $result);
 $this->assertInstanceOf(ClientEntityInterface::class, $result->getValue());
 }
 }
diff --git a/tests/unit/src/Server/RequestRules/Rules/CodeChallengeMethodRuleTest.php b/tests/unit/src/Server/RequestRules/Rules/CodeChallengeMethodRuleTest.php
index e3c66093..b9443452 100644
--- a/tests/unit/src/Server/RequestRules/Rules/CodeChallengeMethodRuleTest.php
+++ b/tests/unit/src/Server/RequestRules/Rules/CodeChallengeMethodRuleTest.php
@@ -13,7 +13,6 @@
 use SimpleSAML\Module\oidc\Repositories\CodeChallengeVerifiersRepository;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface;
-use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface;
 use SimpleSAML\Module\oidc\Server\RequestRules\Result;
 use SimpleSAML\Module\oidc\Server\RequestRules\ResultBag;
 use SimpleSAML\Module\oidc\Server\RequestRules\Rules\ClientRedirectUriRule;
@@ -124,7 +123,7 @@ public function testCheckRuleForValidCodeChallengeMethod(): void
 $this->responseModeStub,
 );
- $this->assertInstanceOf(ResultInterface::class, $result);
+ $this->assertInstanceOf(Result::class, $result);
 $this->assertSame('plain', $result->getValue());
 }
diff --git a/tests/unit/src/Server/RequestRules/Rules/CodeChallengeRuleTest.php b/tests/unit/src/Server/RequestRules/Rules/CodeChallengeRuleTest.php
index 6e84765d..cc55a113 100644
--- a/tests/unit/src/Server/RequestRules/Rules/CodeChallengeRuleTest.php
+++ b/tests/unit/src/Server/RequestRules/Rules/CodeChallengeRuleTest.php
@@ -12,7 +12,6 @@
 use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface;
-use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface;
 use SimpleSAML\Module\oidc\Server\RequestRules\Result;
 use SimpleSAML\Module\oidc\Server\RequestRules\ResultBag;
 use SimpleSAML\Module\oidc\Server\RequestRules\Rules\ClientRedirectUriRule;
@@ -110,7 +109,7 @@ public function testCheckRuleNoCodeReturnsNullForConfidentialClients(): void
 [],
 $this->responseModeStub,
 );
- $this->assertInstanceOf(ResultInterface::class, $result);
+ $this->assertInstanceOf(Result::class, $result);
 $this->assertNull($result->getValue());
 }
@@ -142,7 +141,7 @@ public function testCheckRuleForValidCodeChallenge(): void
 $this->responseModeStub,
 );
- $this->assertInstanceOf(ResultInterface::class, $result);
+ $this->assertInstanceOf(Result::class, $result);
 $this->assertSame($this->codeChallenge, $result->getValue());
 }
diff --git a/tests/unit/src/Server/RequestRules/Rules/RedirectUriRuleTest.php b/tests/unit/src/Server/RequestRules/Rules/RedirectUriRuleTest.php
index 68dbd391..2abf5f3b 100644
--- a/tests/unit/src/Server/RequestRules/Rules/RedirectUriRuleTest.php
+++ b/tests/unit/src/Server/RequestRules/Rules/RedirectUriRuleTest.php
@@ -12,7 +12,6 @@
 use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
-use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface;
 use SimpleSAML\Module\oidc\Server\RequestRules\Result;
 use SimpleSAML\Module\oidc\Server\RequestRules\ResultBag;
 use SimpleSAML\Module\oidc\Server\RequestRules\Rules\ClientRedirectUriRule;
@@ -163,7 +162,7 @@ public function testCheckRuleWithValidRedirectUri(): void
 $this->responseModeStub,
 );
- $this->assertInstanceOf(ResultInterface::class, $result);
+ $this->assertInstanceOf(Result::class, $result);
 $this->assertSame($this->redirectUri, $result->getValue());
 }
diff --git a/tests/unit/src/Server/RequestRules/Rules/ScopeOfflineAccessRuleTest.php b/tests/unit/src/Server/RequestRules/Rules/ScopeOfflineAccessRuleTest.php
index a640af98..eec02c23 100644
--- a/tests/unit/src/Server/RequestRules/Rules/ScopeOfflineAccessRuleTest.php
+++ b/tests/unit/src/Server/RequestRules/Rules/ScopeOfflineAccessRuleTest.php
@@ -15,7 +15,7 @@
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface;
-use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface;
+use SimpleSAML\Module\oidc\Server\RequestRules\Result;
 use SimpleSAML\Module\oidc\Server\RequestRules\Rules\ScopeOfflineAccessRule;
 use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface;
 use SimpleSAML\Module\oidc\Services\LoggerService;
@@ -58,13 +58,13 @@ protected function setUp(): void
 $this->scopeEntityOfflineAccess = $this->createStub(ScopeEntityInterface::class);
 $this->scopeEntityOfflineAccess->method('getIdentifier')->willReturn('offline_access');
- $this->redirectUriResultStub = $this->createStub(ResultInterface::class);
+ $this->redirectUriResultStub = $this->createStub(Result::class);
 $this->redirectUriResultStub->method('getValue')->willReturn('sample-uri');
- $this->stateResultStub = $this->createStub(ResultInterface::class);
+ $this->stateResultStub = $this->createStub(Result::class);
 $this->stateResultStub->method('getValue')->willReturn('sample-state');
- $this->clientResultStub = $this->createStub(ResultInterface::class);
- $this->validScopesResultStub = $this->createStub(ResultInterface::class);
+ $this->clientResultStub = $this->createStub(Result::class);
+ $this->validScopesResultStub = $this->createStub(Result::class);
 $this->moduleConfigStub = $this->createStub(ModuleConfig::class);
 $this->openIdConfigurationStub = $this->createStub(Configuration::class);
diff --git a/tests/unit/src/Server/RequestRules/Rules/ScopeRuleTest.php b/tests/unit/src/Server/RequestRules/Rules/ScopeRuleTest.php
index fa144662..0cdc985a 100644
--- a/tests/unit/src/Server/RequestRules/Rules/ScopeRuleTest.php
+++ b/tests/unit/src/Server/RequestRules/Rules/ScopeRuleTest.php
@@ -14,7 +14,6 @@
 use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultBagInterface;
-use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface;
 use SimpleSAML\Module\oidc\Server\RequestRules\Result;
 use SimpleSAML\Module\oidc\Server\RequestRules\ResultBag;
 use SimpleSAML\Module\oidc\Server\RequestRules\Rules\ClientRedirectUriRule;
@@ -156,7 +155,7 @@ public function testValidScopes(): void
 $this->data,
 $this->responseModeStub,
 );
- $this->assertInstanceOf(ResultInterface::class, $result);
+ $this->assertInstanceOf(Result::class, $result);
 $this->assertIsArray($result->getValue());
 $this->assertSame($this->scopeEntities['openid'], $result->getValue()[0]);
 $this->assertSame($this->scopeEntities['profile'], $result->getValue()[1]);
diff --git a/tests/unit/src/Server/RequestRules/Rules/StateRuleTest.php b/tests/unit/src/Server/RequestRules/Rules/StateRuleTest.php
index 336ca8bb..faeb0ec6 100644
--- a/tests/unit/src/Server/RequestRules/Rules/StateRuleTest.php
+++ b/tests/unit/src/Server/RequestRules/Rules/StateRuleTest.php
@@ -8,7 +8,7 @@
 use PHPUnit\Framework\TestCase;
 use Psr\Http\Message\ServerRequestInterface;
 use SimpleSAML\Module\oidc\Helpers;
-use SimpleSAML\Module\oidc\Server\RequestRules\Interfaces\ResultInterface;
+use SimpleSAML\Module\oidc\Server\RequestRules\Result;
 use SimpleSAML\Module\oidc\Server\RequestRules\ResultBag;
 use SimpleSAML\Module\oidc\Server\RequestRules\Rules\StateRule;
 use SimpleSAML\Module\oidc\Server\ResponseModes\ResponseModeInterface;
@@ -76,7 +76,7 @@ public function testCheckRuleHasValue(): void
 $this->responseModeStub,
 );
- $this->assertInstanceOf(ResultInterface::class, $result);
+ $this->assertInstanceOf(Result::class, $result);
 $this->assertSame($value, $result->getValue());
 }
@@ -98,7 +98,7 @@ public function testCheckRulePostMethod(): void
 $this->responseModeStub,
 );
- $this->assertInstanceOf(ResultInterface::class, $result);
+ $this->assertInstanceOf(Result::class, $result);
 $this->assertSame(null, $result->getValue());
 }
 }