From 3734730bf75c9684173322658d367a715e6a9967 Mon Sep 17 00:00:00 2001
From: Eli Bosley
Date: Fri, 24 Jan 2025 13:37:40 -0500
Subject: [PATCH] feat: state using crypto

---
 web/components/SsoButton.ce.vue | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/web/components/SsoButton.ce.vue b/web/components/SsoButton.ce.vue
index 35e4caa2e..4ba6a1e5f 100644
--- a/web/components/SsoButton.ce.vue
+++ b/web/components/SsoButton.ce.vue
@@ -49,8 +49,9 @@ const getStateToken = (): string | null => {
 };
 
 const generateStateToken = (): string => {
- const state =
- Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
+ const array = new Uint8Array(32);
+ window.crypto.getRandomValues(array);
+ const state = Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');
 sessionStorage.setItem('sso_state', state);
 return state;
 };
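Review bot: `generateStateToken` carries no comment explaining why the value has to come from a CSPRNG, so a later cleanup could swap `window.crypto.getRandomValues(array)` back to something like the removed `Math.random()` lines without the regression being noticed. I would add above the function `// SSO state token (presumably the anti-CSRF value checked on the login callback): must be unpredictable, so use the Web Crypto CSPRNG, never Math.random().` The 32 random bytes only help if the callback path compares the returned state against the stored `sso_state` entry and removes that key after a single use. That code (`getStateToken` and whatever calls it) is outside this hunk, so it is worth confirming separately.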