Sending specific state while calling passport.authenticate

kinjalkparmar commented 4 years ago

Hi All,

I am sending a particular state parameter with the authenticate call as below. But that state is changed to a random string. How do I send a specific state and retrieve it after the callback url is called. Basically what I want is, I have couple of parameters based on which I will redirect to different routes. those i am trying to pass as state parameters, but they are changed to some random string and they are lost. How do I retrieve them. Thanks.

passport.authenticate('oidc', { state: JSON.stringify({ tab: 'placement' }) })

const passport = require('passport'); const OidcStrategy = require('passport-openidconnect').Strategy;

app.use( session({ secret: crypto.randomBytes(64).toString('hex').substring(0, 20), resave: true, saveUninitialized: true, }) ); app.use(passport.initialize()); app.use(passport.session()); passport.use( 'oidc', new OidcStrategy( { issuer: 'xxxx', authorizationURL: 'xxxx', tokenURL: 'xxxx', userInfoURL: 'xxxx', clientID: 'xxxx', clientSecret: 'xxxxx', callbackURL: 'xxxxx', scope: 'profile groups', nonce: crypto .randomBytes(64) .toString('hex') .substring(0, 20), }, (issuer, sub, profile, accessToken, refreshToken, params, done) => {

  return done(null, profile);
}

) ); app.use('/login',passport.authenticate('oidc', { state: JSON.stringify({ tab: 'placement' }) }) )`

josephmulholland commented 4 years ago

I've got the exact same issue. It appears that regardless of what is passed through in the options parameter of the .authenticate() call, the state parameter is ignored and randomly generated by the library:

https://github.com/jaredhanson/passport-openidconnect/blob/master/lib/state/session.js#L42