Im also wondering if it's better to throw, rather then silently ignoring "non users" by returning null. To clarify the intend here.

well, throwing for anonymous token would be a big BC break, and would make this API much less developer-friendly

You're right. On 2nd thought i think the null default is fine indeed. There's no UserInterface available which is what we asked for, but it doesn't mean you're "logged out" per se in case of null.

I’m following the logic. But, was this to solve some specific issue?

It’s looks like a BC break to me, unfortunately.

We had some discussion on slack about the inconsistency between the documented@return and the actual return (any object). Basically it causes confusion about the intend...

But no real issue :) it will just crash if this class is (ever) updated to have type declarations (#27944). To me that smells a violation.

And yes, we can do an upgrade path with deprecations but i also think it qualifies a bugfix (otherwise the bugfix would be to update to@return object|null, which AFAIK was not the intend here ...)

Bug fix: that’s a good argument for the behavior change. I’d still prefer a deprecation and a merge into 4.2... after all, the bug isn’t currently hurting any functionality. So, waiting until 4.2 does not cause any issues.

+1 for a BC layer

Done.

I like the idea 👍

Thank you@ro0NL.