Closed jgrancher closed 6 months ago
The state needs to be a random, unique and unguessable value, you shouldn't use the state to store some specific information, that's why the strategy doesn't provide a way to customize it, to ensure it's used correctly in a safe way.
If you want to use it to send a value from the route triggering the login flow to the callback, it's better to use a cookie.
As it stands, the
state
authorization param is controlled by a private methodgenerateState
, and you can't override it.In my case, I'd like to be able to control this param and set it from the
authorizationParams
override. This PR allows for a check to happen in thegetAuthorizationURL
method. Please let me know your thoughts, as I'm no OAuth expert. 🙏