Client Credentials Grant
When requesting a token with the client_credentials grant, the lib calls the getUserFromClient function.
As explained in the documentation here: https://oauth2-server.readthedocs.io/en/latest/model/spec.html#getuserfromclient-client-callback
"This model function is required if the client_credentials grant is used."
But precisely during a grant of this type, there is no link between the client and a specific user. See: https://oauth.net/2/grant-types/client-credentials/
"The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user."
If in the getUserFromClient function we do not return a user (meaning user = undefined), the lib returns an error like

```
{ "error": "invalid_grant", "error_description": "Invalid grant: user credentials are invalid" }
```

because of:

```js
ClientCredentialsGrantType.prototype.getUserFromClient = function(client) {
  return promisify(this.model.getUserFromClient, 1).call(this.model, client)
    .then(function(user) {
      if (!user) {
        throw new InvalidGrantError('Invalid grant: user credentials are invalid');
      }
      return user;
    });
};
```
The fact of not having a user associated with a client does not imply that the credentials are invalid. And, in the documentation for the return value of getUserFromClient, it is said that "An Object representing the user, or a falsy value if the client does not have an associated user."
And if we return an empty user (meaning user = {} for example), there is an error like
```
{
  "error": "invalid_argument",
  "error_description": "Missing parameter: user"
}
```
I suspect it's because the user field is not present in the token record.
The response comes from the TokenModel function in the token-model.js file, where there is the following test:
```js
if (!data.user) {
  throw new InvalidArgumentError('Missing parameter: user');
}
```
I don't understand the logic: why is a user required in TokenModel? According to the OAuth 2.0 specification, we should not need a link between client and user.
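The following is an added example, not code from the oauth2-server project or from the issue author. It re-creates the two checks quoted above as small synchronous stand-ins (the library's own code is promise-based and its error classes are richer; those are simplifications) and runs the client_credentials path against three constructed models: one returning no user, one whose saveToken drops the user field from the stored record (which is what the "Missing parameter: user" suspicion above describes), and one that represents the client itself as a service principal so both checks pass without a human account.

```javascript
// Added example, not code from the oauth2-server project: compact stand-ins for the
// two checks quoted in the issue, so the three outcomes can be reproduced side by side.
// Assumptions: synchronous calls and minimal error classes instead of the library's
// promise-based code; the check bodies mirror the quoted snippets.

class InvalidGrantError extends Error {
  constructor(msg) { super(msg); this.code = 'invalid_grant'; }
}
class InvalidArgumentError extends Error {
  constructor(msg) { super(msg); this.code = 'invalid_argument'; }
}

// Stand-in for ClientCredentialsGrantType.prototype.getUserFromClient.
function grantGetUserFromClient(model, client) {
  const user = model.getUserFromClient(client);
  if (!user) {
    throw new InvalidGrantError('Invalid grant: user credentials are invalid');
  }
  return user;
}

// Stand-in for the TokenModel check in token-model.js.
function buildTokenModel(data) {
  if (!data.user) {
    throw new InvalidArgumentError('Missing parameter: user');
  }
  return { accessToken: data.accessToken, client: data.client, user: data.user };
}

// The client_credentials path: resolve the "user" for the client, persist the token
// through the application's model, then wrap the stored record in TokenModel.
function issueClientCredentialsToken(model, client) {
  try {
    const user = grantGetUserFromClient(model, client);
    const stored = model.saveToken({ accessToken: 'constructed-token-value' }, client, user);
    return { ok: true, token: buildTokenModel(stored) };
  } catch (e) {
    return { ok: false, error: e.code, error_description: e.message };
  }
}

// Constructed sample client, as it would come back from the model's getClient().
const sampleClient = { id: 'service-client', grants: ['client_credentials'] };

// Model 1: no user at all -> rejected as invalid_grant by the grant-type check.
const modelNoUser = {
  getUserFromClient() { return undefined; },
  saveToken(token, client, user) { return { ...token, client, user }; },
};

// Model 2: getUserFromClient returns {} (truthy, so the grant check passes), but the
// record returned by saveToken carries no user field -> invalid_argument from TokenModel.
// Constructed to reproduce the second error described in the issue.
const modelDroppedUser = {
  getUserFromClient() { return {}; },
  saveToken(token, client) { return { ...token, client }; },
};

// Model 3: treat the client itself as the principal (a service user) and keep that
// object on the stored record, so both checks pass without a human account.
const modelServicePrincipal = {
  getUserFromClient(client) {
    return { id: `client:${client.id}`, isServicePrincipal: true };
  },
  saveToken(token, client, user) { return { ...token, client, user }; },
};
```

Running `issueClientCredentialsToken` with each model shows where each error originates: the first error comes from the grant type's own falsy check, the second only appears once the application's saveToken returns a record without a user, and the service-principal model satisfies both checks while still recording which client the token was issued to.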