diff --git a/apps/oauth2/lib/Controller/LoginRedirectorController.php b/apps/oauth2/lib/Controller/LoginRedirectorController.php
index 8e8cff1b1a56f37b458f90fc923a701db5c069b8..25154cbd4dcf45913997d378740293e80d7b8d9b 100644
--- a/apps/oauth2/lib/Controller/LoginRedirectorController.php
+++ b/apps/oauth2/lib/Controller/LoginRedirectorController.php
@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
  * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
  *
@@ -50,7 +51,7 @@ class LoginRedirectorController extends Controller {
 	 * @param ISession $session
 	 * @param IL10N $l
 	 */
-	public function __construct($appName,
+	public function __construct(string $appName,
 								IRequest $request,
 								IURLGenerator $urlGenerator,
 								ClientMapper $clientMapper,
@@ -75,7 +76,7 @@ class LoginRedirectorController extends Controller {
 	 */
 	public function authorize($client_id,
 							  $state,
-							  $response_type) {
+							  $response_type): Response {
 		try {
 			$client = $this->clientMapper->getByIdentifier($client_id);
 		} catch (ClientNotFoundException $e) {
diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php
index 73fed3654d57479206c169566509d68220ade324..b05d3781e5c1646ec458f4f51826a25d4944d621 100644
--- a/apps/oauth2/lib/Controller/OauthApiController.php
+++ b/apps/oauth2/lib/Controller/OauthApiController.php
@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
  * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
  *
@@ -53,18 +54,7 @@ class OauthApiController extends Controller {
 	/** @var Throttler */
 	private $throttler;
 
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param ICrypto $crypto
-	 * @param AccessTokenMapper $accessTokenMapper
-	 * @param ClientMapper $clientMapper
-	 * @param TokenProvider $tokenProvider
-	 * @param ISecureRandom $secureRandom
-	 * @param ITimeFactory $time
-	 * @param Throttler $throttler
-	 */
-	public function __construct($appName,
+	public function __construct(string $appName,
 								IRequest $request,
 								ICrypto $crypto,
 								AccessTokenMapper $accessTokenMapper,
@@ -94,7 +84,7 @@ class OauthApiController extends Controller {
 	 * @param string $client_secret
 	 * @return JSONResponse
 	 */
-	public function getToken($grant_type, $code, $refresh_token, $client_id, $client_secret) {
+	public function getToken($grant_type, $code, $refresh_token, $client_id, $client_secret): JSONResponse {
 
 		// We only handle two types
 		if ($grant_type !== 'authorization_code' && $grant_type !== 'refresh_token') {