panva / openid-client

OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
MIT License

fix(passport): ignore static state and nonce passed to Strategy() #556

Closed prust closed 1 year ago

prust commented 1 year ago

@panva: As discussed, this pull request ignores static state and nonce values that are passed to the Strategy() (a misuse of the API). Ignoring them here allows them to be dynamically generated on each authenticate() for flows that require them.

I also documented how to pass dynamic parameters to authenticate() (in a separate commit, daa70a5, in case you aren't interested in this change).

Note that this is a breaking change for users who are misusing the API in this way if their Authorization Server requires a nonce or state for a flow where the spec does not require it.

Let me know if tests or anything else would be helpful.