Support overriding state variable

LakshanKarunathilake · LakshanKarunathilake · commit c8f3011084b4 · 2022-02-23T14:56:21.000+05:30
diff --git a/openid_connect.js b/openid_connect.js
@@ -259,7 +259,7 @@ function getAuthZArgs(r) {
 
         authZArgs += "&code_challenge_method=S256&code_challenge=" + pkce_code_challenge + "&state=" + r.variables.pkce_id;
     } else {
-        authZArgs += "&state=0";
+        authZArgs += "&state=" + r.variables.state;
     }
     return authZArgs;
 }
@@ -272,4 +272,4 @@ function idpClientAuth(r) {
     } else {
         return "code=" + r.variables.arg_code + "&client_secret=" + r.variables.oidc_client_secret;
     }   
-}
+}
diff --git a/openid_connect_configuration.conf b/openid_connect_configuration.conf
@@ -43,6 +43,11 @@ map $host $oidc_hmac_key {
     default "ChangeMe";
 }
 
+map $host $state {
+    # Unable to use this state if PKCE is enabled
+    default 0;
+}
+
 map $proto $oidc_cookie_flags {
     http  "Path=/; SameSite=lax;"; # For HTTP/plaintext testing
     https "Path=/; SameSite=lax; HttpOnly; Secure;"; # Production recommendation

Original file line number	Diff line number	Diff line change
`@@ -259,7 +259,7 @@ function getAuthZArgs(r) {`
`259`	`259`
`260`	`260`	`authZArgs += "&code_challenge_method=S256&code_challenge=" + pkce_code_challenge + "&state=" + r.variables.pkce_id;`
`261`	`261`	`} else {`
`262`		`- authZArgs += "&state=0";`
	`262`	`+ authZArgs += "&state=" + r.variables.state;`
`263`	`263`	`}`
`264`	`264`	`return authZArgs;`
`265`	`265`	`}`
`@@ -272,4 +272,4 @@ function idpClientAuth(r) {`
`272`	`272`	`} else {`
`273`	`273`	`return "code=" + r.variables.arg_code + "&client_secret=" + r.variables.oidc_client_secret;`
`274`	`274`	`}`
`275`		`-}`
	`275`	`+}`