Recommended user registration/authorization flow #552

Open
@vancouverwill

The documentation recommends using the authorization grant type to register a user. I tried this flow, but in the Authorization Handler its default action is to authenticate the client before authorizing, which doesn't make sense; see

However, I found a workaround on line

if (options.authenticateHandler && !options.authenticateHandler.handle) {
there is the option to pass your own authenticateHandler, which returns a user, and they have recently added this to the docs; see https://oauth2-server.readthedocs.io/en/latest/api/oauth2-server.html?highlight=authenticateHandler

However, further down in the authorization workflow, it blocks any grant type which is not of authorization_type; see

if (!_.includes(client.grants, 'authorization_code')) {

We want to use the password or client_credentials grant and authorize when the user registers, so I am not sure how authorize should be used (note there are quite a few open questions here about authorization, such as #494).
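
Added example (not part of the original issue and not oauth2-server source code): a simplified JavaScript model of the two checks quoted above, showing that a client registered only for `password` or `client_credentials` is rejected at the authorize step even when a custom `authenticateHandler` supplies the user. All function names, the session shape and the sample clients are assumptions made for illustration.

```javascript
// Simplified model of the two checks quoted in the issue. All names are
// hypothetical; this is not oauth2-server source code.
// Check 1: a custom authenticateHandler must expose handle().
function validateAuthorizeOptions(options = {}) {
  if (options.authenticateHandler && !options.authenticateHandler.handle) {
    throw new Error('authenticateHandler does not implement handle()');
  }
  return options;
}

// Check 2: the client must list the authorization_code grant.
function assertClientCanAuthorize(client) {
  if (!client.grants.includes('authorization_code')) {
    throw new Error('client is not allowed to use authorization_code');
  }
}

// One pass through the modelled authorize step.
function authorize(request, client, options) {
  try {
    const { authenticateHandler } = validateAuthorizeOptions(options);
    assertClientCanAuthorize(client);
    if (!authenticateHandler) {
      return { ok: false, reason: 'default authentication applies (not modelled)' };
    }
    const user = authenticateHandler.handle(request);
    if (!user) return { ok: false, reason: 'handle() returned no user' };
    return { ok: true, userId: user.id };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample data: a session-backed handler and two client records.
const sessionHandler = { handle: (request) => request.session.user || null };
const loggedIn = { session: { user: { id: 'u-1' } } };
const passwordOnlyClient = { grants: ['password', 'client_credentials'] };
const codeClient = { grants: ['authorization_code', 'password'] };

function demo() {
  const opts = { authenticateHandler: sessionHandler };
  return {
    passwordOnly: authorize(loggedIn, passwordOnlyClient, opts),
    withCode: authorize(loggedIn, codeClient, opts),
    badHandler: authorize(loggedIn, codeClient, { authenticateHandler: {} }),
    anonymous: authorize({ session: {} }, codeClient, opts),
  };
}
console.log(demo());
```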
