Why must set UserAuthorizationHandler?

[xiaofengzs]

When i set up my demo according the doc. i met access denied. When i debug it, i found i must set UserAuthorizationHandler.
My question is, when i sent authorization request to get code in oauth2 authorization code flow like the following code, there is no user info in url. So why must set UserAuthorizationHandler? What is userId for here?

http://localhost:9096/authorize?client_id=000000&response_type=code

[wd0517]

oauth2/server/handler.go

Lines 22 to 23 in b369a2d

	// UserAuthorizationHandler get user id from request authorization
	UserAuthorizationHandler func(w http.ResponseWriter, r *http.Request) (userID string, err error)

For authorization code flow, it need to know which user is granting permission to third-party application, since the user is already logged in at this point, you need to implement the UserAuthorizationHandler to retrieve and return the authenticated user.

To run the broken demo in the readme, you can add some dummy code as below:

    ....
    srv.SetClientInfoHandler(server.ClientFormHandler)
    srv.SetUserAuthorizationHandler(func(w http.ResponseWriter, r *http.Request) (userID string, err error) {
        return "1", nil
    })
    .....