access req.user in server.authorization() validation

[DraconPern]

I am trying the following..
server.authorization( function(clientID, redirectURI, done) {
// access req.user here
}
I want to check to make sure the clientID is really accessible by the user, but looking at the code, there doesn't seem to be a way. Or am I doing something really wrong?

[smaclell]

@DraconPern there is another callbacks for server.authorization you can use to respond based on the user.

The full signature for server.authorization is:

oauth2orize/lib/server.js

Line 136 in f6dabcc

Server.prototype.authorization = function(options, validate, immediate, complete) {

By default you only need to use validate which validates only the client and not the user. For your use case you want to also use immediate. Using this other callback you can check whether the user, client and scope are valid (i.e. has the user authorized the scope for the client).

There are a number of overloads for the immediate callback, but the simplest usage would be:

function immediate(client, user, scope, done) {
  // access user and client here
  // when you are finished call done(err, allow)
  // where allow is true or false, other options left out
}