go-oauth2 / oauth2

OAuth 2.0 server library for the Go programming language.
https://pkg.go.dev/github.com/go-oauth2/oauth2/v4
MIT License

Why must set UserAuthorizationHandler? #259

Open xiaofengzs opened 9 months ago

xiaofengzs commented 9 months ago

When I set up my demo according to the doc, I got access denied. When I debugged it, I found I must set UserAuthorizationHandler. My question is: when I send an authorization request to get a code in the OAuth2 authorization code flow, like the following URL, there is no user info in the URL. So why must I set UserAuthorizationHandler? What is userId for here?

http://localhost:9096/authorize?client_id=000000&response_type=code

wd0517 commented 9 months ago

https://github.com/go-oauth2/oauth2/blob/b369a2de8e97268ebe54cc3939fd33c1eaee566e/server/handler.go#L22-L23

For the authorization code flow, the server needs to know which user is granting permission to the third-party application. Since the user is already logged in at this point, you need to implement the UserAuthorizationHandler to retrieve and return the authenticated user.

To run the broken demo in the readme, you can add some dummy code as below:

    ....
    srv.SetClientInfoHandler(server.ClientFormHandler)
    // dummy handler for the demo: every authorize request is treated as user "1",
    // with no login check at all
    srv.SetUserAuthorizationHandler(func(w http.ResponseWriter, r *http.Request) (userID string, err error) {
        return "1", nil
    })
    .....
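A handler that does what the comment above describes, as an added example that is not from this issue or from the go-oauth2 project: it looks the browser's session up in a constructed in-memory table (the `sid` cookie and the `sessions` map are assumptions for this example), returns the user ID when someone is logged in, and otherwise redirects to `/login` and returns an empty userID with a nil error, which go-oauth2's HandleAuthorizeRequest treats as "the handler already wrote the response", so no code is issued to an unauthenticated browser. Wire it in with srv.SetUserAuthorizationHandler(UserAuthorizationHandler).

```go
package main

import (
	"net/http"
	"net/url"
)

// Constructed in-memory session table for this example: session cookie value -> user ID.
// A real server would consult its own login/session mechanism here.
var sessions = map[string]string{
	"sess-alice": "alice",
}

// currentUserID returns the user bound to the request's "sid" cookie, or "" if none.
func currentUserID(r *http.Request) string {
	c, err := r.Cookie("sid")
	if err != nil {
		return ""
	}
	return sessions[c.Value]
}

// UserAuthorizationHandler has the signature go-oauth2 expects for
// srv.SetUserAuthorizationHandler. It returns the logged-in user's ID or, when
// nobody is logged in, redirects to the login page and returns ("", nil): go-oauth2
// treats an empty userID with a nil error as "the handler already wrote the response"
// and stops, so no authorization code is issued to an unauthenticated browser.
func UserAuthorizationHandler(w http.ResponseWriter, r *http.Request) (string, error) {
	if uid := currentUserID(r); uid != "" {
		return uid, nil
	}
	// Preserve the original /authorize request so the flow can resume after login.
	loginURL := "/login?return_to=" + url.QueryEscape(r.URL.RequestURI())
	http.Redirect(w, r, loginURL, http.StatusFound)
	return "", nil
}

func main() {
	// Stand-in for srv.HandleAuthorizeRequest: shows where the handler is consulted.
	http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {
		uid, err := UserAuthorizationHandler(w, r)
		if err != nil || uid == "" {
			return // response already written (redirect or error)
		}
		w.Write([]byte("authorization code would be issued for user " + uid))
	})
	http.ListenAndServe(":9096", nil)
}
```

The /login page (not shown) would authenticate the user, set the `sid` cookie and send the browser back to the `return_to` URL, at which point the handler returns the user ID and the library continues with code issuance.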