mirror/oidc
1
0
Fork 0
mirror of https://github.com/zitadel/oidc.git synced 2026-05-03 08:31:00 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix state handling in auth request

Browse Source
This commit is contained in:
Livio Amstutz
2020-09-15 08:06:18 +02:00
parent 3c2ad6a53d
commit 2dfdaa2223
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/rp/default_rp.go
+5 -1
View File
@@ -153,7 +153,11 @@ func (p *DefaultRP) AuthURL(state string, opts ...AuthURLOpt) string {
//AuthURL is the `RelayingParty` interface implementation
//extending the `AuthURL` method with a http redirect handler
func (p *DefaultRP) AuthURLHandler(state string) http.HandlerFunc {
return AuthURLHandler(state, p)
return AuthURLHandler(
func() string {
return state
}, p,
)
}
//deprecated: Use CodeExchange func and provide a RelayingParty
pkg/rp/relaying_party.go
+2 -1
View File
@@ -230,9 +230,10 @@ func AuthURL(state string, rp RelayingParty, opts ...AuthURLOpt) string {
//AuthURLHandler extends the `AuthURL` method with a http redirect handler
//including handling setting cookie for secure `state` transfer
func AuthURLHandler(state string, rp RelayingParty) http.HandlerFunc {
func AuthURLHandler(stateFn func() string, rp RelayingParty) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
opts := make([]AuthURLOpt, 0)
state := stateFn()
if err := trySetStateCookie(w, state, rp); err != nil {
http.Error(w, "failed to create state cookie: "+err.Error(), http.StatusUnauthorized)
return