This is probably a strange request, but my 'user' depends on some information found from the client_id. It is the only method in DataHandler that doesn't have some access to that information (that produces a User).

findUser method is for Password Credentials which is used to issue an access token.
Username and password should be used for Password Credentials on OAuth2 flow.

The problem I'm trying to get at here, is that in my DataHandler[User], the User class is a mapping between something called an institution and a user. But the user might have multiple institutions, so I can't rely completely on the username / password. Where as the clientId has a relationship (been created specifically for) an institution; so if I have that information, I can determine which institution to map it to.

It looks like in practice this wont actually matter because the AuthInfo wrapper has the information needed to create the access token correctly. Sorry for the useless issues.