sergiodxa / remix-auth-oauth2

An OAuth2Strategy for Remix Auth
https://sergiodxa.github.io/remix-auth-oauth2/
MIT License

Ability to customize state param (for redirecting a user to the original URL after login) #1

Closed aaronshaf closed 2 years ago

aaronshaf commented 2 years ago

At `let state = this.generateState();` one could store some custom state or the current pathname.

shamsup commented 2 years ago

According to Google and Auth0, the best practice for the state param in OAuth2 is using a CSRF token instead of guessable parameters. You can store any other custom information in the session itself.
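The approach described in the last comment, as an added example that is not part of the thread or of remix-auth-oauth2's code: the state param stays a random single-use CSRF token, and the original URL is kept in the session and validated as a same-site path. A `Map` stands in for the session here, and the key names and function names are assumptions.

```javascript
// Added example: a Map stands in for the session; key and function names are hypothetical.
// Web Crypto is global in current Node; fall back to node:crypto on older versions.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const STATE_KEY = "oauth2:state";
const RETURN_KEY = "oauth2:returnTo";

// Unguessable state: 32 bytes from the CSPRNG, hex encoded (64 characters).
function newState() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Accept only same-site paths, so the stored value cannot become an open redirect.
// Parsing with URL also catches "//host" and "/\host" forms that resolve off-site.
function safeReturnTo(path, fallback = "/") {
  if (typeof path !== "string" || !path.startsWith("/")) return fallback;
  const base = "http://internal.invalid"; // placeholder origin, never contacted
  let url;
  try { url = new URL(path, base); } catch { return fallback; }
  return url.origin === base ? url.pathname + url.search : fallback;
}

// Compare without returning early on the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Before redirecting to the provider: the return path goes in the session, not in state.
function beginLogin(session, requestedPath) {
  const state = newState();
  session.set(STATE_KEY, state);
  session.set(RETURN_KEY, safeReturnTo(requestedPath));
  return state; // value for the authorization URL's state parameter
}

// On the callback: state is single use, so clear it before checking it.
function finishLogin(session, stateFromCallback) {
  const expected = session.get(STATE_KEY);
  const returnTo = session.get(RETURN_KEY) ?? "/";
  session.delete(STATE_KEY);
  session.delete(RETURN_KEY);
  const ok = typeof expected === "string" && typeof stateFromCallback === "string" &&
    constantTimeEqual(expected, stateFromCallback);
  if (!ok) throw new Error("OAuth2 state mismatch");
  return returnTo;
}
```

With a real Remix session, the `delete` calls become `unset` and the session must be committed in the response that issues the redirect.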