Adds missing check of the state returned by the authorization server, during auth. code flow.
Allows the wallet to provide a state to be included in the authorization request. If not provided, a random value will be used
Unfortunately, this PR introduces a small breaking change to the library public facade.
In particular the method authorizeWithAuthorizationCode which was accepting a single parameter (authorizationCode), now will have an additional serverState.
So, wallet after user authorization (on the auth. server side), must provide the authorization_code & the state
returned by the server.
suspend fun AuthorizationRequestPrepared.authorizeWithAuthorizationCode(
authorizationCode: AuthorizationCode,
serverState: String,
): Result<AuthorizedRequest>
This PR closes #205
state
returned by the authorization server, during auth. code flow.state
to be included in the authorization request. If not provided, a random value will be usedUnfortunately, this PR introduces a small breaking change to the library public facade.
In particular the method
authorizeWithAuthorizationCode
which was accepting a single parameter (authorizationCode
), now will have an additionalserverState
.So, wallet after user authorization (on the auth. server side), must provide the
authorization_code
& thestate
returned by the server.