Preserve state in oauth

This commit is contained in:
Roger Braun 2017-09-14 09:29:51 +02:00
parent a8701282d4
commit ac3f32da7e
2 changed files with 8 additions and 1 deletions

View File

@ -10,7 +10,8 @@ def authorize(conn, params) do
response_type: params["response_type"], response_type: params["response_type"],
client_id: params["client_id"], client_id: params["client_id"],
scope: params["scope"], scope: params["scope"],
redirect_uri: params["redirect_uri"] redirect_uri: params["redirect_uri"],
state: params["state"]
} }
end end
@ -25,6 +26,11 @@ def create_authorization(conn, %{"authorization" => %{"name" => name, "password"
} }
else else
url = "#{redirect_uri}?code=#{auth.token}" url = "#{redirect_uri}?code=#{auth.token}"
url = if params["state"] do
url <> "&state=#{params["state"]}"
else
url
end
redirect(conn, external: url) redirect(conn, external: url)
end end
end end

View File

@ -10,5 +10,6 @@
<%= hidden_input f, :response_type, value: @response_type %> <%= hidden_input f, :response_type, value: @response_type %>
<%= hidden_input f, :redirect_uri, value: @redirect_uri %> <%= hidden_input f, :redirect_uri, value: @redirect_uri %>
<%= hidden_input f, :scope, value: @scope %> <%= hidden_input f, :scope, value: @scope %>
<%= hidden_input f, :state, value: @state%>
<%= submit "Authorize" %> <%= submit "Authorize" %>
<% end %> <% end %>