include state in authorizationUrl()
alxndrsn committed Dec 4, 2024
1 parent 77f1274 commit 3274fd4
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions lib/resources/oidc.js
Expand Up @@ -108,18 +108,19 @@ module.exports = (service, endpoint) => {

const code_challenge = generators.codeChallenge(code_verifier); // eslint-disable-line camelcase

const { next } = req.query ?? '';
const state = stateFor(next);

const authUrl = client.authorizationUrl({
scope: SCOPES.join(' '),
resource: `${envDomain}/v1`,
code_challenge,
code_challenge_method: CODE_CHALLENGE_METHOD,
state,
});

res.cookie(CODE_VERIFIER_COOKIE, code_verifier, { ...callbackCookieProps, maxAge: ONE_HOUR });

const { next } = req.query;
const state = stateFor(next);
res.cookie(STATE_COOKIE, state, { ...callbackCookieProps, maxAge: ONE_HOUR });
res.cookie(STATE_COOKIE, state, { ...callbackCookieProps, maxAge: ONE_HOUR }); // eslint-disable-line no-multi-spaces

redirect(307, authUrl);
} catch (err) {
Expand All @@ -135,7 +136,7 @@ module.exports = (service, endpoint) => {
service.get('/oidc/callback', endpoint.html(async (container, _, req, res) => {
try {
const code_verifier = req.cookies[CODE_VERIFIER_COOKIE]; // eslint-disable-line camelcase
const state = req.cookies[STATE_COOKIE]; // eslint-disable-line no-multi-spaces
const state = req.cookies[STATE_COOKIE]; // eslint-disable-line no-multi-spaces
res.clearCookie(CODE_VERIFIER_COOKIE, callbackCookieProps);
res.clearCookie(STATE_COOKIE, callbackCookieProps); // eslint-disable-line no-multi-spaces
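Review bot: In the login handler, `const { next } = req.query ?? '';` falls back to an empty string, which works only because destructuring a string leaves `next` undefined; `const { next } = req.query ?? {};` states the intent directly. Since `state` is derived from the request-controlled `next` and is now also sent to the identity provider through `authorizationUrl()`, the callback needs to compare the `state` parameter returned by the provider with the `STATE_COOKIE` value and to validate `next` before any redirect. Neither check is visible here because both handlers continue outside the hunks, so this is a point to confirm rather than a confirmed gap. A one-line comment next to `state,` such as `// must match STATE_COOKIE on /oidc/callback` would record why the value is set in both places.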

