decioferreira / omniauth-linkedin-oauth2

A LinkedIn OAuth2 strategy for OmniAuth.
MIT License

Add state parameter to authorize_url #5

Closed amine-bouassida closed 11 years ago

amine-bouassida commented 11 years ago

Hi and thank you for this great gem,

I tried to use your gem in a project to perform a LinkedIn connect, but it always redirects me to linkedin.com with an Invalid Request error when I perform a GET of /auth/linkedin. So, I looked into your gem to see what was done and I found out that in the API documentation (https://developer.linkedin.com/documents/authentication) there is a parameter called state that is required for the authentication process and that is not passed by the gem. This parameter is required because it's used to prevent CSRF. So, I just added this parameter to the gem in the authorize_url with a random string as a value and it works fine now.

I think it's worth adding to your current version because it simply doesn't work without it.
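The CSRF role of the `state` parameter described in this report is easiest to see with both halves of the flow side by side: the value must be generated unpredictably, bound to the user's session before the redirect, and then checked (once) when LinkedIn sends the browser back. The following is an added illustration, not code from this gem or from omniauth-oauth2; the authorize endpoint, the `Hash` standing in for the Rack session, and the `r_liteprofile` scope are assumptions for the example only.

```ruby
require "securerandom"
require "uri"
require "cgi"

# Assumed endpoint for the example; take the real one from LinkedIn's docs.
AUTHORIZE_ENDPOINT = "https://www.linkedin.com/oauth/v2/authorization"

# Constant-time comparison so a forged state cannot be guessed byte by byte
# through timing differences.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Step 1 (before redirecting to LinkedIn): mint an unguessable state value,
# store it in the user's session, and put it in the authorize URL.
# `session` is any Hash-like store tied to the browser (Rack session in a real app).
def build_authorize_url(session, client_id:, redirect_uri:, scope: "r_liteprofile")
  state = SecureRandom.hex(16) # 128 bits from a CSPRNG
  session[:oauth_state] = state
  params = {
    response_type: "code",
    client_id: client_id,
    redirect_uri: redirect_uri,
    scope: scope,
    state: state
  }
  "#{AUTHORIZE_ENDPOINT}?#{URI.encode_www_form(params)}"
end

# Step 2 (on the callback): the state echoed back by LinkedIn must equal the
# one we stored for this session. The stored value is deleted first so each
# state is single-use; a missing, foreign or replayed state is rejected.
def callback_state_valid?(session, callback_url)
  expected = session.delete(:oauth_state)
  return false if expected.nil?

  query = CGI.parse(URI(callback_url).query.to_s)
  received = query["state"].first
  return false if received.nil?

  constant_time_equal?(expected, received)
end

if __FILE__ == $PROGRAM_NAME
  session = {}
  url = build_authorize_url(session,
                            client_id: "client-id-placeholder",
                            redirect_uri: "https://app.example/auth/linkedin/callback")
  puts "redirect to: #{url}"
  # Constructed callback URL, as the browser would present it after consent:
  good = "https://app.example/auth/linkedin/callback?code=abc&state=#{session[:oauth_state]}"
  puts "genuine callback accepted: #{callback_state_valid?(session, good)}"
end
```

The check is what turns `state` into a CSRF defence: an attacker who starts their own LinkedIn login and tricks a victim's browser into visiting the resulting callback URL cannot know the value stored in the victim's session, so the callback is refused rather than silently linking the attacker's LinkedIn account to the victim.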

decioferreira commented 11 years ago

Hi @amine-bouassida,

The LinkedIn strategy class extends from OmniAuth::Strategies::OAuth2. And the OAuth2 gem should be responsible for setting up the state parameter (https://github.com/intridea/omniauth-oauth2/blob/master/lib/omniauth/strategies/oauth2.rb#L53).

There is probably something else going wrong in your app if you don't get the state parameter in the request to LinkedIn. Can you please try to follow the steps in the README on a new Rails app and check if it works for you?

amine-bouassida commented 11 years ago

Sorry for the late answer. It's curious that my oauth2 produces that error. Anyway, thanks for the hint.

As for the testing, I'll do it when I get a chance and come back with my feedback.