node-oauth2-server
Implicit authorisation is trying to authenticate first
I'm not sure if I am understanding this correctly, but when trying to use the implicit grant (on the dev branch), it is trying to authenticate first. Should this be happening or is it WIP? I am calling a URL such as:
http://localhost:3500/oauth/authorize?response_type=token&client_id=1&redirect_uri=https://example.com&scope=SCOPES&state=STATE
Hey @elliotlings, on line https://github.com/oauthjs/node-oauth2-server/blob/e1f741fdad191ee47e7764b80a8403c1ea2804d4/lib/handlers/authorize-handler.js#L42 there is the option to pass your own authenticateHandler, which returns a user, and they have recently added this to the docs; see https://oauth2-server.readthedocs.io/en/latest/api/oauth2-server.html?highlight=authenticateHandler

However, further down in the authorization workflow it blocks any grant type which is not of authorization_type; see https://github.com/oauthjs/node-oauth2-server/blob/e1f741fdad191ee47e7764b80a8403c1ea2804d4/lib/handlers/authorize-handler.js#L184. We want to use password grant and authorize when the user logs in, so not sure how authorize should be used (note there are quite a few questions open here about authorization, such as https://github.com/oauthjs/node-oauth2-server/issues/494).