fix: accept state, nonce as login args

pooya parsa · pooya parsa · commit e5579e9c2085 · 2019-05-24T01:59:29.000+04:30
diff --git a/lib/schemes/oauth2.js b/lib/schemes/oauth2.js
@@ -64,7 +64,7 @@ export default class Oauth2Scheme {
     return this.$auth.reset()
   }
 
-  login ({ params } = {}) {
+  login ({ params, state, nonce } = {}) {
     const opts = {
       protocol: 'oauth2',
       response_type: this.options.response_type,
@@ -73,7 +73,7 @@ export default class Oauth2Scheme {
       scope: this._scope,
       // Note: The primary reason for using the state parameter is to mitigate CSRF attacks.
       // https://auth0.com/docs/protocols/oauth2/oauth-state
-      state: nanoid(),
+      state: state || nanoid(),
       ...params
     }
 
@@ -87,7 +87,7 @@ export default class Oauth2Scheme {
     if (opts.response_type.includes('id_token')) {
       // nanoid auto-generates an URL Friendly, unique Cryptographic string
       // Recommended by Auth0 on https://auth0.com/docs/api-auth/tutorials/nonce
-      opts.nonce = nanoid()
+      opts.nonce = nonce || nanoid()
     }
 
     this.$auth.$storage.setLocalStorage(this.name + '.state', opts.state)
