From 1c8bf36ea2b35ee4d76472e4c883fbf31c522cb2 Mon Sep 17 00:00:00 2001
From: Konstantin Konstantinov
Date: Sun, 13 Jul 2025 08:42:46 +0300
Subject: [PATCH 1/2] generate random state parameter in oauth state machine

---
 client/src/lib/oauth-state-machine.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts
index d87b3ecd6..b3307af9d 100644
--- a/client/src/lib/oauth-state-machine.ts
+++ b/client/src/lib/oauth-state-machine.ts
@@ -113,6 +113,13 @@ export const oauthTransitions: Record = {
 scope = metadata.scopes_supported.join(" ");
 }
 
+ // Generate a random state
+ const array = new Uint8Array(32);
+ crypto.getRandomValues(array);
+ const state = Array.from(array, (byte) =>
+ byte.toString(16).padStart(2, '0'),
+ ).join('');
+
 const { authorizationUrl, codeVerifier } = await startAuthorization(
 context.serverUrl,
 {
@@ -120,6 +127,7 @@ export const oauthTransitions: Record = {
 clientInformation,
 redirectUrl: context.provider.redirectUrl,
 scope,
+ state: state,
 resource: context.state.resource ?? undefined,
 },
 );

From 4ef85f744c5ee96ddefb97620f36ddc79d1de640 Mon Sep 17 00:00:00 2001
From: Konstantin Konstantinov
Date: Sun, 13 Jul 2025 08:44:57 +0300
Subject: [PATCH 2/2] generate random state parameter in oauth state machine

---
 client/src/lib/oauth-state-machine.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts
index b3307af9d..5078cfe4b 100644
--- a/client/src/lib/oauth-state-machine.ts
+++ b/client/src/lib/oauth-state-machine.ts
@@ -117,8 +117,8 @@ export const oauthTransitions: Record = {
 const array = new Uint8Array(32);
 crypto.getRandomValues(array);
 const state = Array.from(array, (byte) =>
- byte.toString(16).padStart(2, '0'),
- ).join('');
+ byte.toString(16).padStart(2, "0"),
+ ).join("");
 
 const { authorizationUrl, codeVerifier } = await startAuthorization(
 context.serverUrl,
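Review bot: The generated `state` is handed to startAuthorization, but nothing in this hunk or in the second hunk retains it, and a state parameter only defends the callback against forged or replayed authorization responses if the value is stored for this flow and compared against the `state` that comes back. The transition body continues outside the hunk, so the persistence may already exist; if it does not, keep `state` alongside the returned `codeVerifier` and have the callback step reject a response whose `state` does not match. The added comment would be more useful if it said why the value exists: `// Random, unguessable state so the callback can reject responses not tied to this request`.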
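Review bot: `state: state,` in the second hunk can use the object property shorthand `state,`, which matches the neighbouring `clientInformation,` and `scope,` lines in the same options object. This is style only; behaviour is unchanged.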