authenticateHandler.handle returning null causes error #737

Open
cancan101 opened this issue Jun 20, 2022 · 2 comments

Comments

@cancan101

The docs for authenticateHandler say:

If there is no associated user (i.e. the user is not logged in) a falsy value should be returned.

However, if I return null, I then get the following error:

```javascript
if (!user) {
  throw new ServerError('Server error: `handle()` did not return a `user` object');
}
```

@cancan101
Author

And perhaps related: is there any way to redirect a non-logged-in user from within authenticateHandler to a login screen?

@tswaters

tswaters commented Oct 12, 2022

Noticed this as well. We use the authenticateHandler for the login form that shows up on the authorization server, for auth code flow.... something like this:

```javascript
app.post('/login', async function handler(req, res) {
  await req.oauth.authorize({
    authenticateHandler: {
      // Resolve the user from the credentials posted by the login form
      async handle() {
        return app.oauth.getUser(req.body.username, req.body.password, req.query)
      },
    },
  })
})
```

Before, the model method would return null if a valid user could not be found and we'd get a server error. Now, it throws an invalid grant error if a user can't be found, similar to how it gets handled in the password flow, here:

```javascript
if (!user) {
  throw new InvalidGrantError('Invalid grant: user credentials are invalid');
}
```

So this way it's at least consistent between the two.... IMO, the code in the authorize handler should throw an InvalidGrantError similar to how the password grant type does it, see above ^^
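
One application-side way to handle the case discussed in this thread, as an added example that is not code from the issue or from the project: `handle()` throws a typed error instead of returning null, and the route maps that error to a redirect to the login page instead of a 500. `authorizeStandIn` only reproduces the falsy-user check quoted above; `LoginRequiredError`, `requireUser`, `authorizeOrRedirect` and the `return_to` parameter are hypothetical names.

```javascript
// Added example with local stand-ins; it does not import or call oauth2-server.
class ServerError extends Error {}         // stand-in for the library's ServerError
class LoginRequiredError extends Error {}  // hypothetical application-level error

// Stand-in for the check quoted in the issue: a falsy user becomes a ServerError.
async function authorizeStandIn({ authenticateHandler }) {
  const user = await authenticateHandler.handle();
  if (!user) {
    throw new ServerError('Server error: `handle()` did not return a `user` object');
  }
  return { user };
}

// Wrap a session lookup so "not logged in" is a typed throw, never a null return.
function requireUser(lookupUser) {
  return {
    async handle() {
      const user = await lookupUser();
      if (!user) throw new LoginRequiredError('login required');
      return user;
    },
  };
}

// Route-level decision: the response for each outcome of the authorize step.
async function authorizeOrRedirect(lookupUser, originalUrl) {
  try {
    const { user } = await authorizeStandIn({ authenticateHandler: requireUser(lookupUser) });
    return { status: 200, user };
  } catch (err) {
    if (err instanceof LoginRequiredError) {
      // Accept only a same-site relative path as the post-login return target.
      const returnTo = /^\/(?![\/\\])/.test(originalUrl) ? originalUrl : '/';
      return { status: 302, location: '/login?return_to=' + encodeURIComponent(returnTo) };
    }
    return { status: 500 }; // genuine server faults still surface as 500
  }
}
```
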
